USN-6495-2

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2023-31085 CVE-2023-45871 UBUNTU-CVE-2023-31085 UBUNTU-CVE-2023-45871

Published: 30 Nov 2023, 17:38

Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 Nov 2023, 17:38

Published

Vulnerability first disclosed

03 Jun 2026, 13:34

Last Modified

Vulnerability information updated

Description

linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop vulnerabilities Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871)

Affected Systems

ubuntu•linux-azure
< 5.4.0-1120.127
ubuntu•linux-azure-5.4
< 5.4.0-1120.127~18.04.1
ubuntu•linux-gcp
< 5.4.0-1118.127
ubuntu•linux-gcp-5.4
< 5.4.0-1118.127~18.04.1
ubuntu•linux-gkeop
< 5.4.0-1081.85

USN-6495-2

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)