usn-6607-1
Vulnerability from osv_ubuntu
Published
2024-01-25 23:35
Modified
2026-06-03 10:45
Summary
linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities
Details

It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5345)

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6040)

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6817)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly check deactivated elements in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-0193)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2023-5345",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6040",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6606",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6817",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6931",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6932",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-0193",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-azure-5.15-cloud-tools-5.15.0-1054",
            "binary_version": "5.15.0-1054.62~20.04.1"
          },
          {
            "binary_name": "linux-azure-5.15-headers-5.15.0-1054",
            "binary_version": "5.15.0-1054.62~20.04.1"
          },
          {
            "binary_name": "linux-azure-5.15-tools-5.15.0-1054",
            "binary_version": "5.15.0-1054.62~20.04.1"
          },
          {
            "binary_name": "linux-buildinfo-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62~20.04.1"
          },
          {
            "binary_name": "linux-cloud-tools-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62~20.04.1"
          },
          {
            "binary_name": "linux-headers-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62~20.04.1"
          },
          {
            "binary_name": "linux-image-unsigned-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62~20.04.1"
          },
          {
            "binary_name": "linux-modules-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62~20.04.1"
          },
          {
            "binary_name": "linux-modules-extra-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62~20.04.1"
          },
          {
            "binary_name": "linux-tools-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62~20.04.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "linux-azure-5.15",
        "purl": "pkg:deb/ubuntu/linux-azure-5.15@5.15.0-1054.62~20.04.1?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.15.0-1054.62~20.04.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.15.0-1007.8~20.04.1",
        "5.15.0-1008.9~20.04.1",
        "5.15.0-1013.16~20.04.1",
        "5.15.0-1014.17~20.04.1",
        "5.15.0-1017.20~20.04.1",
        "5.15.0-1019.24~20.04.1",
        "5.15.0-1020.25~20.04.1",
        "5.15.0-1021.26~20.04.1",
        "5.15.0-1022.27~20.04.1",
        "5.15.0-1023.29~20.04.1",
        "5.15.0-1029.36~20.04.1",
        "5.15.0-1030.37~20.04.1",
        "5.15.0-1031.38~20.04.1",
        "5.15.0-1033.40~20.04.1",
        "5.15.0-1034.41~20.04.1",
        "5.15.0-1035.42~20.04.1",
        "5.15.0-1036.43~20.04.1",
        "5.15.0-1037.44~20.04.1",
        "5.15.0-1038.45~20.04.1",
        "5.15.0-1039.46~20.04.1",
        "5.15.0-1040.47~20.04.1",
        "5.15.0-1041.48~20.04.1",
        "5.15.0-1042.49~20.04.1",
        "5.15.0-1043.50~20.04.1",
        "5.15.0-1045.52~20.04.1",
        "5.15.0-1046.53~20.04.1",
        "5.15.0-1047.54~20.04.1",
        "5.15.0-1049.56~20.04.1",
        "5.15.0-1050.57~20.04.1",
        "5.15.0-1051.59~20.04.1",
        "5.15.0-1052.60~20.04.1",
        "5.15.0-1053.61~20.04.1"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2023-5345",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6040",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6606",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6817",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6931",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6932",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-0193",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-image-unsigned-5.15.0-1054-azure-fde",
            "binary_version": "5.15.0-1054.62~20.04.1.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "linux-azure-fde-5.15",
        "purl": "pkg:deb/ubuntu/linux-azure-fde-5.15@5.15.0-1054.62~20.04.1.1?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.15.0-1054.62~20.04.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.15.0-1019.24~20.04.1.1",
        "5.15.0-1020.25~20.04.1.1",
        "5.15.0-1021.26~20.04.1.1",
        "5.15.0-1029.36~20.04.1.1",
        "5.15.0-1030.37~20.04.1.1",
        "5.15.0-1031.38~20.04.1.1",
        "5.15.0-1033.40~20.04.1.1",
        "5.15.0-1034.41~20.04.1.2",
        "5.15.0-1035.42~20.04.1.1",
        "5.15.0-1036.43~20.04.1.1",
        "5.15.0-1037.44~20.04.1.1",
        "5.15.0-1038.45~20.04.1.1",
        "5.15.0-1039.46~20.04.1.1",
        "5.15.0-1040.47~20.04.1.1",
        "5.15.0-1041.48~20.04.1.1",
        "5.15.0-1042.49~20.04.1.1",
        "5.15.0-1043.50~20.04.1.1",
        "5.15.0-1046.53~20.04.1.1",
        "5.15.0-1047.54~20.04.1.1",
        "5.15.0-1049.56~20.04.1.1",
        "5.15.0-1050.57~20.04.1.1",
        "5.15.0-1051.59~20.04.1.1",
        "5.15.0-1052.60~20.04.1.1",
        "5.15.0-1053.61~20.04.1.1"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2023-5345",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6040",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6606",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6817",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6931",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6932",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-0193",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:22.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-azure-cloud-tools-5.15.0-1054",
            "binary_version": "5.15.0-1054.62"
          },
          {
            "binary_name": "linux-azure-headers-5.15.0-1054",
            "binary_version": "5.15.0-1054.62"
          },
          {
            "binary_name": "linux-azure-tools-5.15.0-1054",
            "binary_version": "5.15.0-1054.62"
          },
          {
            "binary_name": "linux-buildinfo-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62"
          },
          {
            "binary_name": "linux-cloud-tools-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62"
          },
          {
            "binary_name": "linux-headers-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62"
          },
          {
            "binary_name": "linux-image-unsigned-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62"
          },
          {
            "binary_name": "linux-modules-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62"
          },
          {
            "binary_name": "linux-modules-extra-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62"
          },
          {
            "binary_name": "linux-tools-5.15.0-1054-azure",
            "binary_version": "5.15.0-1054.62"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "linux-azure",
        "purl": "pkg:deb/ubuntu/linux-azure@5.15.0-1054.62?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.15.0-1054.62"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.13.0-1006.7",
        "5.15.0-1001.2",
        "5.15.0-1002.3",
        "5.15.0-1003.4",
        "5.15.0-1005.6",
        "5.15.0-1007.8",
        "5.15.0-1008.9",
        "5.15.0-1010.12",
        "5.15.0-1012.15",
        "5.15.0-1013.16",
        "5.15.0-1014.17",
        "5.15.0-1017.20",
        "5.15.0-1019.24",
        "5.15.0-1020.25",
        "5.15.0-1021.26",
        "5.15.0-1022.27",
        "5.15.0-1023.29",
        "5.15.0-1024.30",
        "5.15.0-1029.36",
        "5.15.0-1030.37",
        "5.15.0-1031.38",
        "5.15.0-1033.40",
        "5.15.0-1034.41",
        "5.15.0-1035.42",
        "5.15.0-1036.43",
        "5.15.0-1037.44",
        "5.15.0-1038.45",
        "5.15.0-1039.46",
        "5.15.0-1040.47",
        "5.15.0-1041.48",
        "5.15.0-1042.49",
        "5.15.0-1044.51",
        "5.15.0-1045.52",
        "5.15.0-1046.53",
        "5.15.0-1047.54",
        "5.15.0-1049.56",
        "5.15.0-1050.57",
        "5.15.0-1051.59",
        "5.15.0-1052.60",
        "5.15.0-1053.61"
      ]
    },
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2023-5345",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6040",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6606",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6817",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6931",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-6932",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2024-0193",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:22.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-image-unsigned-5.15.0-1054-azure-fde",
            "binary_version": "5.15.0-1054.62.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "linux-azure-fde",
        "purl": "pkg:deb/ubuntu/linux-azure-fde@5.15.0-1054.62.1?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.15.0-1054.62.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.15.0-1019.24.1",
        "5.15.0-1024.30.1",
        "5.15.0-1029.36.1",
        "5.15.0-1030.37.1",
        "5.15.0-1031.38.1",
        "5.15.0-1033.40.1",
        "5.15.0-1034.41.1",
        "5.15.0-1035.42.1",
        "5.15.0-1036.43.1",
        "5.15.0-1037.44.1",
        "5.15.0-1038.45.1",
        "5.15.0-1039.46.1",
        "5.15.0-1041.48.1",
        "5.15.0-1042.49.1",
        "5.15.0-1044.51.1",
        "5.15.0-1045.52.1",
        "5.15.0-1046.53.1",
        "5.15.0-1047.54.1",
        "5.15.0-1049.56.1",
        "5.15.0-1050.57.1",
        "5.15.0-1051.59.1",
        "5.15.0-1052.60.1",
        "5.15.0-1053.61.1"
      ]
    }
  ],
  "aliases": [],
  "details": "\nIt was discovered that the SMB network file sharing protocol implementation\nin the Linux kernel did not properly handle certain error conditions,\nleading to a use-after-free vulnerability. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2023-5345)\n\nLin Ma discovered that the netfilter subsystem in the Linux kernel did not\nproperly validate network family support while creating a new netfilter\ntable. A local attacker could use this to cause a denial of service or\npossibly execute arbitrary code. (CVE-2023-6040)\n\nIt was discovered that the CIFS network file system implementation in the\nLinux kernel did not properly validate the server frame size in certain\nsituation, leading to an out-of-bounds read vulnerability. An attacker\ncould use this to construct a malicious CIFS image that, when operated on,\ncould cause a denial of service (system crash) or possibly expose sensitive\ninformation. (CVE-2023-6606)\n\nXingyuan Mo discovered that the netfilter subsystem in the Linux kernel did\nnot properly handle inactive elements in its PIPAPO data structure, leading\nto a use-after-free vulnerability. A local attacker could use this to cause\na denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2023-6817)\n\nBudimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf\nsubsystem in the Linux kernel did not properly validate all event sizes\nwhen attaching new events, leading to an out-of-bounds write vulnerability.\nA local attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2023-6931)\n\nIt was discovered that the IGMP protocol implementation in the Linux kernel\ncontained a race condition, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2023-6932)\n\nKevin Rich discovered that the netfilter subsystem in the Linux kernel did\nnot properly check deactivated elements in certain situations, leading to a\nuse-after-free vulnerability. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2024-0193)\n\n",
  "id": "USN-6607-1",
  "modified": "2026-06-03T10:45:37Z",
  "published": "2024-01-25T23:35:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-6607-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-5345"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-6040"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-6606"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-6817"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-6931"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-6932"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2024-0193"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2023-5345",
    "UBUNTU-CVE-2023-6040",
    "UBUNTU-CVE-2023-6606",
    "UBUNTU-CVE-2023-6817",
    "UBUNTU-CVE-2023-6931",
    "UBUNTU-CVE-2023-6932",
    "UBUNTU-CVE-2024-0193"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…