USN-6387-1

Description

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128)

Affected Systems

• ubuntu•linux

  < 5.4.0-163.180

• ubuntu•linux-aws

  < 5.4.0-1110.119

• ubuntu•linux-aws-5.4

  < 5.4.0-1110.119~18.04.1

• ubuntu•linux-azure

  < 5.4.0-1116.123

• ubuntu•linux-azure-5.4

  < 5.4.0-1116.123~18.04.1

• ubuntu•linux-gcp

  < 5.4.0-1113.122

• ubuntu•linux-gcp-5.4

  < 5.4.0-1113.122~18.04.1

• ubuntu•linux-gkeop

  < 5.4.0-1077.81

• ubuntu•linux-hwe-5.4

  < 5.4.0-163.180~18.04.1

• ubuntu•linux-ibm

  < 5.4.0-1057.62

• ubuntu•linux-ibm-5.4

  < 5.4.0-1057.62~18.04.1

• ubuntu•linux-iot

  < 5.4.0-1022.23

• ubuntu•linux-kvm

  < 5.4.0-1099.105

• ubuntu•linux-oracle

  < 5.4.0-1109.118

• ubuntu•linux-oracle-5.4

  < 5.4.0-1109.118~18.04.1

• ubuntu•linux-xilinx-zynqmp

  < 5.4.0-1030.34

References (4)

• https://ubuntu.com/security/notices/USN-6387-1
• https://ubuntu.com/security/CVE-2023-4128
• https://ubuntu.com/security/CVE-2023-20588
• https://ubuntu.com/security/CVE-2023-40283