USN-6496-2

Advisory lineage Upstream: 6 Downstream: 0
Published: 30 Nov 2023, 17:24
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

30 Nov 2023, 17:24
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15 vulnerabilities Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. (CVE-2023-25775) Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871)

Affected Systems

  • ubuntulinux-azure

    < 5.15.0-1052.60

  • ubuntulinux-azure-5.15

    < 5.15.0-1052.60~20.04.1

  • ubuntulinux-azure-fde

    < 5.15.0-1052.60.1

  • ubuntulinux-azure-fde-5.15

    < 5.15.0-1052.60~20.04.1.1

  • ubuntulinux-gcp

    < 5.15.0-1047.55

  • ubuntulinux-gcp-5.15

    < 5.15.0-1047.55~20.04.1

  • ubuntulinux-gke

    < 5.15.0-1047.52

  • ubuntulinux-gkeop

    < 5.15.0-1033.39

  • ubuntulinux-gkeop-5.15

    < 5.15.0-1033.39~20.04.1

References (4)