LSN-0099-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/LSN-0099-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/lsn/LSN-0099-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/LSN-0099-1

Related

Published

2023-11-28T09:40:33Z

Modified

2023-11-28T09:40:33Z

Summary

Kernel Live Patch Security Notice

Details

It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability).(CVE-2022-3643)

It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).(CVE-2023-3567)

It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3609)

It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3776)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3777)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3995)

It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-4004)

Bing-Jhong Billy Jheng discovered that the Unix domain socket implementation in the Linux kernel contained a race condition in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-4622)

Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-4623)

Alex Birnberg discovered that the netfilter subsystem in the Linux kernel did not properly validate register length, leading to an out-of- bounds write vulnerability. A local attacker could possibly use this to cause a denial of service (system crash).(CVE-2023-4881)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle removal of rules from chain bindings in certain circumstances, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-5197)

Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-31436)

Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service (host system crash) or possibly execute arbitrary code.(CVE-2023-34319)

It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-40283)

Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-42752)

Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did not properly calculate array offsets, leading to a out-of-bounds write vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-42753)

References

Affected packages

Ubuntu:Pro:14.04:LTS / linux-lts-xenial

Package

Name: linux-lts-xenial
Purl: pkg:deb/ubuntu/linux-lts-xenial@4.4.0-246.280~14.04.1?arch=source&distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.0-246.280~14.04.1

Affected versions

4.*

4.4.0-13.29~14.04.1

4.4.0-14.30~14.04.2

4.4.0-15.31~14.04.1

4.4.0-18.34~14.04.1

4.4.0-21.37~14.04.1

4.4.0-22.39~14.04.1

4.4.0-22.40~14.04.1

4.4.0-24.43~14.04.1

4.4.0-28.47~14.04.1

4.4.0-31.50~14.04.1

4.4.0-34.53~14.04.1

4.4.0-36.55~14.04.1

4.4.0-38.57~14.04.1

4.4.0-42.62~14.04.1

4.4.0-45.66~14.04.1

4.4.0-47.68~14.04.1

4.4.0-51.72~14.04.1

4.4.0-53.74~14.04.1

4.4.0-57.78~14.04.1

4.4.0-59.80~14.04.1

4.4.0-62.83~14.04.1

4.4.0-63.84~14.04.2

4.4.0-64.85~14.04.1

4.4.0-66.87~14.04.1

4.4.0-67.88~14.04.1

4.4.0-70.91~14.04.1

4.4.0-71.92~14.04.1

4.4.0-72.93~14.04.1

4.4.0-75.96~14.04.1

4.4.0-78.99~14.04.2

4.4.0-79.100~14.04.1

4.4.0-81.104~14.04.1

4.4.0-83.106~14.04.1

4.4.0-87.110~14.04.1

4.4.0-89.112~14.04.1

4.4.0-91.114~14.04.1

4.4.0-92.115~14.04.1

4.4.0-93.116~14.04.1

4.4.0-96.119~14.04.1

4.4.0-97.120~14.04.1

4.4.0-98.121~14.04.1

4.4.0-101.124~14.04.1

4.4.0-103.126~14.04.1

4.4.0-104.127~14.04.1

4.4.0-108.131~14.04.1

4.4.0-109.132~14.04.1

4.4.0-111.134~14.04.1

4.4.0-112.135~14.04.1

4.4.0-116.140~14.04.1

4.4.0-119.143~14.04.1

4.4.0-121.145~14.04.1

4.4.0-124.148~14.04.1

4.4.0-127.153~14.04.1

4.4.0-128.154~14.04.1

4.4.0-130.156~14.04.1

4.4.0-131.157~14.04.1

4.4.0-133.159~14.04.1

4.4.0-134.160~14.04.1

4.4.0-135.161~14.04.1

4.4.0-137.163~14.04.1

4.4.0-138.164~14.04.1

4.4.0-139.165~14.04.1

4.4.0-140.166~14.04.1

4.4.0-141.167~14.04.1

4.4.0-142.168~14.04.1

4.4.0-143.169~14.04.2

4.4.0-144.170~14.04.1

4.4.0-146.172~14.04.1

4.4.0-148.174~14.04.1

4.4.0-164.192~14.04.1

4.4.0-165.193~14.04.1

4.4.0-166.195~14.04.1

4.4.0-168.197~14.04.1

4.4.0-169.198~14.04.1

4.4.0-170.199~14.04.1

4.4.0-171.200~14.04.1

4.4.0-173.203~14.04.1

4.4.0-174.204~14.04.1

4.4.0-176.206~14.04.1

4.4.0-177.207~14.04.1

4.4.0-178.208~14.04.1

4.4.0-179.209~14.04.1

4.4.0-184.214~14.04.1

4.4.0-185.215~14.04.1

4.4.0-186.216~14.04.1

4.4.0-187.217~14.04.1

4.4.0-189.219~14.04.1

4.4.0-190.220~14.04.1

4.4.0-193.224~14.04.1

4.4.0-194.226~14.04.1

4.4.0-197.229~14.04.1

4.4.0-198.230~14.04.1

4.4.0-200.232~14.04.1

4.4.0-201.233~14.04.1

4.4.0-203.235~14.04.1

4.4.0-204.236~14.04.1

4.4.0-206.238~14.04.1

4.4.0-208.240~14.04.1

4.4.0-209.241~14.04.1

4.4.0-210.242~14.04.1

4.4.0-211.243~14.04.1

4.4.0-212.244~14.04.1

4.4.0-213.245~14.04.1

4.4.0-214.246~14.04.1

4.4.0-215.247~14.04.1

4.4.0-218.251~14.04.1

4.4.0-219.252~14.04.1

4.4.0-221.254~14.04.1

4.4.0-222.255~14.04.1

4.4.0-223.256~14.04.1

4.4.0-224.257~14.04.1

4.4.0-227.261~14.04.1

4.4.0-229.263~14.04.1

4.4.0-230.264~14.04.1

4.4.0-231.265~14.04.1

4.4.0-233.267~14.04.1

4.4.0-234.268~14.04.1

4.4.0-235.269~14.04.1

4.4.0-236.270~14.04.1

4.4.0-237.271~14.04.1

4.4.0-239.273~14.04.1

4.4.0-240.274~14.04.1

4.4.0-241.275~14.04.1

4.4.0-242.276~14.04.1

4.4.0-243.277~14.04.1

4.4.0-244.278~14.04.1

4.4.0-245.279~14.04.1

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_4_4_0[_|\\d]+_(?:generic|lowlatency)_(\\d+)"
}

Ubuntu:Pro:16.04:LTS / linux-aws

Package

Name: linux-aws
Purl: pkg:deb/ubuntu/linux-aws@4.4.0-1162.177?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.0-1162.177

Affected versions

4.*

4.4.0-1001.10

4.4.0-1003.12

4.4.0-1004.13

4.4.0-1007.16

4.4.0-1009.18

4.4.0-1011.20

4.4.0-1012.21

4.4.0-1013.22

4.4.0-1016.25

4.4.0-1017.26

4.4.0-1018.27

4.4.0-1020.29

4.4.0-1022.31

4.4.0-1026.35

4.4.0-1028.37

4.4.0-1030.39

4.4.0-1031.40

4.4.0-1032.41

4.4.0-1035.44

4.4.0-1037.46

4.4.0-1038.47

4.4.0-1039.48

4.4.0-1041.50

4.4.0-1043.52

4.4.0-1044.53

4.4.0-1047.56

4.4.0-1048.57

4.4.0-1049.58

4.4.0-1050.59

4.4.0-1052.61

4.4.0-1054.63

4.4.0-1055.64

4.4.0-1057.66

4.4.0-1060.69

4.4.0-1061.70

4.4.0-1062.71

4.4.0-1063.72

4.4.0-1065.75

4.4.0-1066.76

4.4.0-1067.77

4.4.0-1069.79

4.4.0-1070.80

4.4.0-1072.82

4.4.0-1073.83

4.4.0-1074.84

4.4.0-1075.85

4.4.0-1077.87

4.4.0-1079.89

4.4.0-1081.91

4.4.0-1083.93

4.4.0-1084.94

4.4.0-1085.96

4.4.0-1087.98

4.4.0-1088.99

4.4.0-1090.101

4.4.0-1092.103

4.4.0-1094.105

4.4.0-1095.106

4.4.0-1096.107

4.4.0-1098.109

4.4.0-1099.110

4.4.0-1100.111

4.4.0-1101.112

4.4.0-1102.113

4.4.0-1104.115

4.4.0-1105.116

4.4.0-1106.117

4.4.0-1107.118

4.4.0-1109.120

4.4.0-1110.121

4.4.0-1111.123

4.4.0-1112.124

4.4.0-1113.126

4.4.0-1114.127

4.4.0-1117.131

4.4.0-1118.132

4.4.0-1119.133

4.4.0-1121.135

4.4.0-1122.136

4.4.0-1123.137

4.4.0-1124.138

4.4.0-1126.140

4.4.0-1127.141

4.4.0-1128.142

4.4.0-1129.143

4.4.0-1130.144

4.4.0-1131.145

4.4.0-1132.146

4.4.0-1133.147

4.4.0-1134.148

4.4.0-1135.149

4.4.0-1137.151

4.4.0-1138.152

4.4.0-1139.153

4.4.0-1140.154

4.4.0-1143.158

4.4.0-1145.160

4.4.0-1146.161

4.4.0-1147.162

4.4.0-1148.163

4.4.0-1150.165

4.4.0-1151.166

4.4.0-1152.167

4.4.0-1153.168

4.4.0-1154.169

4.4.0-1155.170

4.4.0-1156.171

4.4.0-1157.172

4.4.0-1158.173

4.4.0-1159.174

4.4.0-1160.175

4.4.0-1161.176

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_4_4_0[_|\\d]+_aws_(\\d+)"
}

Ubuntu:Pro:18.04:LTS / linux-aws

Package

Name: linux-aws
Purl: pkg:deb/ubuntu/linux-aws@4.15.0-1162.175?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.15.0-1162.175

Affected versions

4.*

4.15.0-1001.1

4.15.0-1003.3

4.15.0-1005.5

4.15.0-1006.6

4.15.0-1007.7

4.15.0-1009.9

4.15.0-1010.10

4.15.0-1011.11

4.15.0-1016.16

4.15.0-1017.17

4.15.0-1019.19

4.15.0-1020.20

4.15.0-1021.21

4.15.0-1023.23

4.15.0-1025.25

4.15.0-1027.27

4.15.0-1029.30

4.15.0-1031.33

4.15.0-1032.34

4.15.0-1033.35

4.15.0-1034.36

4.15.0-1035.37

4.15.0-1037.39

4.15.0-1039.41

4.15.0-1040.42

4.15.0-1041.43

4.15.0-1043.45

4.15.0-1044.46

4.15.0-1045.47

4.15.0-1047.49

4.15.0-1048.50

4.15.0-1050.52

4.15.0-1051.53

4.15.0-1052.54

4.15.0-1054.56

4.15.0-1056.58

4.15.0-1057.59

4.15.0-1058.60

4.15.0-1060.62

4.15.0-1063.67

4.15.0-1065.69

4.15.0-1066.70

4.15.0-1067.71

4.15.0-1073.77

4.15.0-1076.80

4.15.0-1077.81

4.15.0-1079.83

4.15.0-1080.84

4.15.0-1082.86

4.15.0-1083.87

4.15.0-1086.91

4.15.0-1087.92

4.15.0-1088.93

4.15.0-1090.95

4.15.0-1091.96

4.15.0-1092.98

4.15.0-1093.99

4.15.0-1094.101

4.15.0-1095.102

4.15.0-1096.103

4.15.0-1097.104

4.15.0-1098.105

4.15.0-1099.106

4.15.0-1101.108

4.15.0-1102.109

4.15.0-1103.110

4.15.0-1106.113

4.15.0-1109.116

4.15.0-1110.117

4.15.0-1111.118

4.15.0-1112.119

4.15.0-1114.121

4.15.0-1115.122

4.15.0-1116.123

4.15.0-1118.125

4.15.0-1119.127

4.15.0-1121.129

4.15.0-1123.132

4.15.0-1124.133

4.15.0-1126.135

4.15.0-1127.136

4.15.0-1128.137

4.15.0-1130.139

4.15.0-1133.143

4.15.0-1136.147

4.15.0-1137.148

4.15.0-1139.150

4.15.0-1140.151

4.15.0-1141.152

4.15.0-1142.154

4.15.0-1143.155

4.15.0-1144.156

4.15.0-1146.158

4.15.0-1147.159

4.15.0-1148.160

4.15.0-1150.163

4.15.0-1151.164

4.15.0-1153.166

4.15.0-1154.167

4.15.0-1155.168

4.15.0-1156.169

4.15.0-1157.170

4.15.0-1158.171

4.15.0-1159.172

4.15.0-1160.173

4.15.0-1161.174

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_4_15_0[_|\\d]+_aws_(\\d+)"
}

Ubuntu:Pro:20.04:LTS / linux-aws

Package

Name: linux-aws
Purl: pkg:deb/ubuntu/linux-aws@5.4.0-1112.121?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1112.121

Affected versions

5.*

5.3.0-1003.3

5.3.0-1008.9

5.3.0-1009.10

5.3.0-1010.11

5.4.0-1005.5

5.4.0-1007.7

5.4.0-1008.8

5.4.0-1009.9

5.4.0-1011.11

5.4.0-1015.15

5.4.0-1017.17

5.4.0-1018.18

5.4.0-1020.20

5.4.0-1021.21

5.4.0-1022.22

5.4.0-1024.24

5.4.0-1025.25

5.4.0-1028.29

5.4.0-1029.30

5.4.0-1030.31

5.4.0-1032.33

5.4.0-1034.35

5.4.0-1035.37

5.4.0-1037.39

5.4.0-1038.40

5.4.0-1039.41

5.4.0-1041.43

5.4.0-1043.45

5.4.0-1045.47

5.4.0-1047.49

5.4.0-1048.50

5.4.0-1049.51

5.4.0-1051.53

5.4.0-1054.57

5.4.0-1055.58

5.4.0-1056.59

5.4.0-1057.60

5.4.0-1058.61

5.4.0-1059.62

5.4.0-1060.63

5.4.0-1061.64

5.4.0-1063.66

5.4.0-1064.67

5.4.0-1065.68

5.4.0-1066.69

5.4.0-1068.72

5.4.0-1069.73

5.4.0-1071.76

5.4.0-1072.77

5.4.0-1073.78

5.4.0-1075.80

5.4.0-1078.84

5.4.0-1080.87

5.4.0-1081.88

5.4.0-1083.90

5.4.0-1084.91

5.4.0-1085.92

5.4.0-1086.93

5.4.0-1088.96

5.4.0-1089.97

5.4.0-1092.100

5.4.0-1093.101

5.4.0-1094.102

5.4.0-1096.104

5.4.0-1097.105

5.4.0-1099.107

5.4.0-1100.108

5.4.0-1101.109

5.4.0-1102.110

5.4.0-1103.111

5.4.0-1104.112

5.4.0-1105.113

5.4.0-1106.114

5.4.0-1107.115

5.4.0-1108.116

5.4.0-1109.118

5.4.0-1110.119

5.4.0-1111.120

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_5_4_0[_|\\d]+_aws_(\\d+)"
}

Ubuntu:Pro:22.04:LTS / linux-aws

Package

Name: linux-aws
Purl: pkg:deb/ubuntu/linux-aws@5.15.0-1048.53?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.0-1048.53

Affected versions

5.*

5.13.0-1005.6

5.15.0-1002.4

5.15.0-1003.5

5.15.0-1004.6

5.15.0-1005.7

5.15.0-1008.10

5.15.0-1009.11

5.15.0-1011.14

5.15.0-1013.17

5.15.0-1014.18

5.15.0-1015.19

5.15.0-1017.21

5.15.0-1019.23

5.15.0-1020.24

5.15.0-1021.25

5.15.0-1022.26

5.15.0-1023.27

5.15.0-1026.30

5.15.0-1027.31

5.15.0-1028.32

5.15.0-1030.34

5.15.0-1031.35

5.15.0-1033.37

5.15.0-1034.38

5.15.0-1035.39

5.15.0-1036.40

5.15.0-1037.41

5.15.0-1038.43

5.15.0-1039.44

5.15.0-1040.45

5.15.0-1042.47

5.15.0-1043.48

5.15.0-1044.49

5.15.0-1045.50

5.15.0-1047.52

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_5_15_0[_|\\d]+_aws_(\\d+)"
}