USN-6495-1

Details

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085)

Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871)

Affected Packages

Ubuntu:20.04:LTSlinux

Fixed in:

5.4.0-167.184

Ubuntu:20.04:LTSlinux-aws

Fixed in:

5.4.0-1114.124

Ubuntu:20.04:LTSlinux-bluefield

Fixed in:

5.4.0-1075.81

Ubuntu:20.04:LTSlinux-ibm

Fixed in:

5.4.0-1061.66

Ubuntu:20.04:LTSlinux-iot

Fixed in:

5.4.0-1026.27

Ubuntu:20.04:LTSlinux-kvm

Fixed in:

5.4.0-1103.110

Ubuntu:20.04:LTSlinux-oracle

Fixed in:

5.4.0-1113.122

Ubuntu:20.04:LTSlinux-raspi

Fixed in:

5.4.0-1098.110

Ubuntu:20.04:LTSlinux-xilinx-zynqmp

Fixed in:

5.4.0-1034.38

Ubuntu:Pro:18.04:LTSlinux-aws-5.4

Fixed in:

5.4.0-1114.124~18.04.1

Ubuntu:Pro:18.04:LTSlinux-hwe-5.4

Fixed in:

5.4.0-167.184~18.04.1

Ubuntu:Pro:18.04:LTSlinux-ibm-5.4

Fixed in:

5.4.0-1061.66~18.04.1

Ubuntu:Pro:18.04:LTSlinux-oracle-5.4

Fixed in:

5.4.0-1113.122~18.04.1

Ubuntu:Pro:18.04:LTSlinux-raspi-5.4

Fixed in:

5.4.0-1098.110~18.04.2

References

REPORThttps://ubuntu.com/security/CVE-2023-31085 REPORThttps://ubuntu.com/security/CVE-2023-45871 ADVISORYhttps://ubuntu.com/security/notices/USN-6495-1

USN-6495-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline