USN-6495-1

Advisory lineage Upstream: 4 Downstream: 0
Published: 21 Nov 2023, 15:30
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

21 Nov 2023, 15:30
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871)

Affected Systems

  • ubuntulinux

    < 5.4.0-167.184

  • ubuntulinux-aws

    < 5.4.0-1114.124

  • ubuntulinux-aws-5.4

    < 5.4.0-1114.124~18.04.1

  • ubuntulinux-bluefield

    < 5.4.0-1075.81

  • ubuntulinux-hwe-5.4

    < 5.4.0-167.184~18.04.1

  • ubuntulinux-ibm

    < 5.4.0-1061.66

  • ubuntulinux-ibm-5.4

    < 5.4.0-1061.66~18.04.1

  • ubuntulinux-iot

    < 5.4.0-1026.27

  • ubuntulinux-kvm

    < 5.4.0-1103.110

  • ubuntulinux-oracle

    < 5.4.0-1113.122

  • ubuntulinux-oracle-5.4

    < 5.4.0-1113.122~18.04.1

  • ubuntulinux-raspi

    < 5.4.0-1098.110

  • ubuntulinux-raspi-5.4

    < 5.4.0-1098.110~18.04.2

  • ubuntulinux-xilinx-zynqmp

    < 5.4.0-1034.38

References (3)