USN-6231-1

It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124)

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)

It was discovered that the DVB Core driver in the Linux kernel did not properly handle locking events in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-31084)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141)

Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-3212)

References

Affected packages

Ubuntu:22.04:LTS / linux-oem-6.1

Package

Name: linux-oem-6.1
Purl: pkg:deb/ubuntu/linux-oem-6.1@6.1.0-1016.16?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.0-1016.16

Affected versions

6.*

6.1.0-1004.4

6.1.0-1006.6

6.1.0-1007.7

6.1.0-1008.8

6.1.0-1009.9

6.1.0-1010.10

6.1.0-1012.12

6.1.0-1013.13

6.1.0-1014.14

6.1.0-1015.15

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-buildinfo-6.1.0-1016-oem"
        },
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-headers-6.1.0-1016-oem"
        },
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-image-unsigned-6.1.0-1016-oem"
        },
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-modules-6.1.0-1016-oem"
        },
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-modules-ipu6-6.1.0-1016-oem"
        },
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-modules-ivsc-6.1.0-1016-oem"
        },
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-modules-iwlwifi-6.1.0-1016-oem"
        },
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-oem-6.1-headers-6.1.0-1016"
        },
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-oem-6.1-tools-6.1.0-1016"
        },
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-oem-6.1-tools-host"
        },
        {
            "binary_version": "6.1.0-1016.16",
            "binary_name": "linux-tools-6.1.0-1016-oem"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:22.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ],
            "id": "CVE-2023-2124"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "high"
                }
            ],
            "id": "CVE-2023-3090"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ],
            "id": "CVE-2023-3141"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ],
            "id": "CVE-2023-3212"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "low"
                }
            ],
            "id": "CVE-2023-31084"
        }
    ]
}