USN-6704-4

Description

linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-23000) Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2023-32247) Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1085) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) It was discovered that a race condition existed in the SCSI Emulex LightPulse Fibre Channel driver in the Linux kernel when unregistering FCF and re-scanning an HBA FCF table, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-24855)

Affected Systems

• ubuntu•linux-intel-iotg

  < 5.15.0-1051.57

• ubuntu•linux-intel-iotg-5.15

  < 5.15.0-1051.57~20.04.1

References (6)

• https://ubuntu.com/security/notices/USN-6704-4
• https://ubuntu.com/security/CVE-2023-23000
• https://ubuntu.com/security/CVE-2023-32247
• https://ubuntu.com/security/CVE-2024-1085
• https://ubuntu.com/security/CVE-2024-1086
• https://ubuntu.com/security/CVE-2024-24855