USN-6462-2

Details

Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information (kernel memory) or in conjunction with another kernel vulnerability. (CVE-2023-0597)

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772)

It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2023-4132)

Affected Packages

Ubuntu:20.04:LTSlinux-iot

Fixed in:

5.4.0-1025.26

References

REPORThttps://ubuntu.com/security/CVE-2023-0597 REPORThttps://ubuntu.com/security/CVE-2023-31083 REPORThttps://ubuntu.com/security/CVE-2023-3772 REPORThttps://ubuntu.com/security/CVE-2023-4132 ADVISORYhttps://ubuntu.com/security/notices/USN-6462-2

USN-6462-2

Details

Affected Packages

References

Upstream

Ecosystems

Timeline