usn-6096-1
Vulnerability from osv_ubuntu
Published
2023-05-22 19:58
Modified
2026-06-03 10:45
Summary
linux-gcp, linux-hwe-5.19 vulnerabilities
Details

It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280)

Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707)

Haowei Yan discovered that a race condition existed in the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-4129)

It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-4842)

It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-48423)

It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate attributes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-48424)

It was discovered that the KSMBD implementation in the Linux kernel did not properly validate buffer lengths, leading to a heap-based buffer overflow. A remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-0210)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394)

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit() function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0458)

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459)

It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1073)

It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074)

It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075)

It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-1078)

Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel did not properly initialize some data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-1513)

It was discovered that the NFS implementation in the Linux kernel did not properly handle pending tasks in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-1652)

It was discovered that the ARM64 EFI runtime services implementation in the Linux kernel did not properly manage concurrency calls. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21102)

It was discovered that a race condition existed in Adreno GPU DRM driver in the Linux kernel, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-21106)

It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162)

Kyle Zeng discovered that the class-based queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23454)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in the Linux kernel contained a type confusion vulnerability in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2023-23455)

It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate the size of attributes when parsing MFT. A local attacker could possibly use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-26544)

It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269)

Duoming Zhou discovered that a race condition existed in the infrared receiver/transceiver driver in the Linux kernel, leading to a use-after- free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1118)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2022-3707",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-4129",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-4842",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-27672",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-36280",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-48423",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-48424",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-0210",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-0394",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-0458",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-0459",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1073",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1074",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1075",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1078",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1118",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "negligible",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1513",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1652",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-2162",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-21102",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-21106",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-23454",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-23455",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-26544",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-32269",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:22.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-buildinfo-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-buildinfo-5.19.0-42-generic-64k",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-buildinfo-5.19.0-42-generic-lpae",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-cloud-tools-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-headers-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-headers-5.19.0-42-generic-64k",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-headers-5.19.0-42-generic-lpae",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-hwe-5.19-cloud-tools-5.19.0-42",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-hwe-5.19-cloud-tools-common",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-hwe-5.19-headers-5.19.0-42",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-hwe-5.19-tools-5.19.0-42",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-hwe-5.19-tools-common",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-hwe-5.19-tools-host",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-image-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-image-5.19.0-42-generic-lpae",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-image-unsigned-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-image-unsigned-5.19.0-42-generic-64k",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-modules-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-modules-5.19.0-42-generic-64k",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-modules-5.19.0-42-generic-lpae",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-modules-extra-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-modules-ipu6-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-modules-ivsc-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-modules-iwlwifi-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-source-5.19.0",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-tools-5.19.0-42-generic",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-tools-5.19.0-42-generic-64k",
            "binary_version": "5.19.0-42.43~22.04.1"
          },
          {
            "binary_name": "linux-tools-5.19.0-42-generic-lpae",
            "binary_version": "5.19.0-42.43~22.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "linux-hwe-5.19",
        "purl": "pkg:deb/ubuntu/linux-hwe-5.19@5.19.0-42.43~22.04.1?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.19.0-42.43~22.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.19.0-28.29~22.04.1",
        "5.19.0-32.33~22.04.1",
        "5.19.0-35.36~22.04.1",
        "5.19.0-38.39~22.04.1",
        "5.19.0-40.41~22.04.1",
        "5.19.0-41.42~22.04.1"
      ]
    }
  ],
  "aliases": [],
  "details": "It was discovered that some AMD x86-64 processors with SMT enabled could\nspeculatively execute instructions using a return address from a sibling\nthread. A local attacker could possibly use this to expose sensitive\ninformation. (CVE-2022-27672)\n\nZiming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux\nkernel contained an out-of-bounds write vulnerability. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2022-36280)\n\nZheng Wang discovered that the Intel i915 graphics driver in the Linux\nkernel did not properly handle certain error conditions, leading to a\ndouble-free. A local attacker could possibly use this to cause a denial of\nservice (system crash). (CVE-2022-3707)\n\nHaowei Yan discovered that a race condition existed in the Layer 2\nTunneling Protocol (L2TP) implementation in the Linux kernel. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2022-4129)\n\nIt was discovered that the NTFS file system implementation in the Linux\nkernel contained a null pointer dereference in some situations. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2022-4842)\n\nIt was discovered that the NTFS file system implementation in the Linux\nkernel did not properly validate attributes in certain situations, leading\nto an out-of-bounds write vulnerability. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2022-48423)\n\nIt was discovered that the NTFS file system implementation in the Linux\nkernel did not properly validate attributes in certain situations, leading\nto an out-of-bounds read vulnerability. A local attacker could possibly use\nthis to expose sensitive information (kernel memory). (CVE-2022-48424)\n\nIt was discovered that the KSMBD implementation in the Linux kernel did not\nproperly validate buffer lengths, leading to a heap-based buffer overflow.\nA remote attacker could possibly use this to cause a denial of service\n(system crash). (CVE-2023-0210)\n\nKyle Zeng discovered that the IPv6 implementation in the Linux kernel\ncontained a NULL pointer dereference vulnerability in certain situations. A\nlocal attacker could use this to cause a denial of service (system crash).\n(CVE-2023-0394)\n\nJordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the\ndo_prlimit() function in the Linux kernel did not properly handle\nspeculative execution barriers. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2023-0458)\n\nJordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did\nnot properly implement speculative execution barriers in usercopy functions\nin certain situations. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2023-0459)\n\nIt was discovered that the Human Interface Device (HID) support driver in\nthe Linux kernel contained a type confusion vulnerability in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2023-1073)\n\nIt was discovered that a memory leak existed in the SCTP protocol\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2023-1074)\n\nIt was discovered that the TLS subsystem in the Linux kernel contained a\ntype confusion vulnerability in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly expose\nsensitive information. (CVE-2023-1075)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) protocol\nimplementation in the Linux kernel contained a type confusion vulnerability\nin some situations. An attacker could use this to cause a denial of service\n(system crash). (CVE-2023-1078)\n\nXingyuan Mo discovered that the x86 KVM implementation in the Linux kernel\ndid not properly initialize some data structures. A local attacker could\nuse this to expose sensitive information (kernel memory). (CVE-2023-1513)\n\nIt was discovered that the NFS implementation in the Linux kernel did not\nproperly handle pending tasks in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or expose sensitive\ninformation (kernel memory). (CVE-2023-1652)\n\nIt was discovered that the ARM64 EFI runtime services implementation in the\nLinux kernel did not properly manage concurrency calls. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2023-21102)\n\nIt was discovered that a race condition existed in Adreno GPU DRM driver in\nthe Linux kernel, leading to a double-free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2023-21106)\n\nIt was discovered that a use-after-free vulnerability existed in the iSCSI\nTCP implementation in the Linux kernel. A local attacker could possibly use\nthis to cause a denial of service (system crash). (CVE-2023-2162)\n\nKyle Zeng discovered that the class-based queuing discipline implementation\nin the Linux kernel contained a type confusion vulnerability in some\nsituations. An attacker could use this to cause a denial of service (system\ncrash). (CVE-2023-23454)\n\nKyle Zeng discovered that the ATM VC queuing discipline implementation in\nthe Linux kernel contained a type confusion vulnerability in some\nsituations. An attacker could use this to cause a denial of service (system\ncrash). (CVE-2023-23455)\n\nIt was discovered that the NTFS file system implementation in the Linux\nkernel did not properly validate the size of attributes when parsing MFT. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or expose sensitive information (kernel memory). (CVE-2023-26544)\n\nIt was discovered that the NET/ROM protocol implementation in the Linux\nkernel contained a race condition in some situations, leading to a use-\nafter-free vulnerability. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2023-32269)\n\nDuoming Zhou discovered that a race condition existed in the infrared\nreceiver/transceiver driver in the Linux kernel, leading to a use-after-\nfree vulnerability. A privileged attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2023-1118)\n\n",
  "id": "USN-6096-1",
  "modified": "2026-06-03T10:45:33Z",
  "published": "2023-05-22T19:58:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-6096-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-3707"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-4129"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-4842"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-27672"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-36280"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-48423"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-48424"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-0210"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-0394"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-0458"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-0459"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1073"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1074"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1075"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1078"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1118"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1513"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1652"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-2162"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-21102"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-21106"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-23454"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-23455"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-26544"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-32269"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-gcp, linux-hwe-5.19 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2022-3707",
    "UBUNTU-CVE-2022-4129",
    "UBUNTU-CVE-2022-4842",
    "UBUNTU-CVE-2022-27672",
    "UBUNTU-CVE-2022-36280",
    "UBUNTU-CVE-2022-48423",
    "UBUNTU-CVE-2022-48424",
    "UBUNTU-CVE-2023-0210",
    "UBUNTU-CVE-2023-0394",
    "UBUNTU-CVE-2023-0458",
    "UBUNTU-CVE-2023-0459",
    "UBUNTU-CVE-2023-1073",
    "UBUNTU-CVE-2023-1074",
    "UBUNTU-CVE-2023-1075",
    "UBUNTU-CVE-2023-1078",
    "UBUNTU-CVE-2023-1118",
    "UBUNTU-CVE-2023-1513",
    "UBUNTU-CVE-2023-1652",
    "UBUNTU-CVE-2023-2162",
    "UBUNTU-CVE-2023-21102",
    "UBUNTU-CVE-2023-21106",
    "UBUNTU-CVE-2023-23454",
    "UBUNTU-CVE-2023-23455",
    "UBUNTU-CVE-2023-26544",
    "UBUNTU-CVE-2023-32269"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…