USN-6604-2

See a problem?

Source

https://ubuntu.com/security/notices/USN-6604-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6604-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6604-2

Related

CVE-2023-1079
CVE-2023-20588
CVE-2023-45863
CVE-2023-6606
CVE-2023-6931
CVE-2023-6932
UBUNTU-CVE-2023-1079
UBUNTU-CVE-2023-20588
UBUNTU-CVE-2023-45863
UBUNTU-CVE-2023-6606
UBUNTU-CVE-2023-6931
UBUNTU-CVE-2023-6932

Published

2024-01-29T22:27:15.850224Z

Modified

2024-01-29T22:27:15.850224Z

Summary

linux-azure, linux-azure-4.15 vulnerabilities

Details

It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079)

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588)

It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863)

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932)

References

Affected packages

Ubuntu:Pro:14.04:LTS / linux-azure

Package

Name: linux-azure
Purl: pkg:deb/ubuntu/linux-azure@4.15.0-1173.188~14.04.1?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.15.0-1173.188~14.04.1

Affected versions

4.*

4.15.0-1023.24~14.04.1

4.15.0-1030.31~14.04.1

4.15.0-1031.32~14.04.1

4.15.0-1032.33~14.04.2

4.15.0-1035.36~14.04.2

4.15.0-1036.38~14.04.2

4.15.0-1037.39~14.04.2

4.15.0-1039.41~14.04.2

4.15.0-1040.44~14.04.1

4.15.0-1041.45~14.04.1

4.15.0-1042.46~14.04.1

4.15.0-1045.49~14.04.1

4.15.0-1059.64~14.04.1

4.15.0-1060.65~14.04.1

4.15.0-1061.66~14.04.1

4.15.0-1063.68~14.04.1

4.15.0-1064.69~14.04.1

4.15.0-1066.71~14.04.1

4.15.0-1067.72~14.04.1

4.15.0-1069.74~14.04.1

4.15.0-1071.76~14.04.1

4.15.0-1074.79~14.04.1

4.15.0-1077.82~14.04.1

4.15.0-1082.92~14.04.1

4.15.0-1083.93~14.04.1

4.15.0-1089.99~14.04.1

4.15.0-1091.101~14.04.1

4.15.0-1092.102~14.04.1

4.15.0-1093.103~14.04.1

4.15.0-1095.105~14.04.1

4.15.0-1096.106~14.04.1

4.15.0-1098.109~14.04.1

4.15.0-1100.111~14.04.1

4.15.0-1102.113~14.04.1

4.15.0-1103.114~14.04.1

4.15.0-1106.118~14.04.1

4.15.0-1108.120~14.04.1

4.15.0-1109.121~14.04.1

4.15.0-1110.122~14.04.1

4.15.0-1111.123~14.04.1

4.15.0-1112.124~14.04.1

4.15.0-1113.126~14.04.1

4.15.0-1114.127~14.04.1

4.15.0-1115.128~14.04.1

4.15.0-1118.131~14.04.1

4.15.0-1121.134~14.04.1

4.15.0-1122.135~14.04.1

4.15.0-1123.136~14.04.1

4.15.0-1124.137~14.04.1

4.15.0-1125.138~14.04.1

4.15.0-1126.139~14.04.1

4.15.0-1127.140~14.04.1

4.15.0-1129.142~14.04.1

4.15.0-1130.143~14.04.1

4.15.0-1131.144~14.04.1

4.15.0-1133.146~14.04.1

4.15.0-1134.147~14.04.1

4.15.0-1136.149~14.04.1

4.15.0-1137.150~14.04.1

4.15.0-1138.151~14.04.1

4.15.0-1139.152~14.04.1

4.15.0-1142.156~14.04.1

4.15.0-1145.160~14.04.1

4.15.0-1146.161~14.04.1

4.15.0-1149.164~14.04.1

4.15.0-1150.165~14.04.1

4.15.0-1151.166~14.04.1

4.15.0-1153.168~14.04.1

4.15.0-1157.172~14.04.2

4.15.0-1158.173~14.04.1

4.15.0-1159.174~14.04.1

4.15.0-1162.177~14.04.1

4.15.0-1163.178~14.04.1

4.15.0-1164.179~14.04.1

4.15.0-1165.180~14.04.1

4.15.0-1166.181~14.04.1

4.15.0-1167.182~14.04.1

4.15.0-1168.183~14.04.1

4.15.0-1169.184~14.04.1

4.15.0-1170.185~14.04.1

4.15.0-1171.186~14.04.1

4.15.0-1172.187~14.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "linux-azure-cloud-tools-4.15.0-1173": "4.15.0-1173.188~14.04.1",
            "linux-azure-tools-4.15.0-1173": "4.15.0-1173.188~14.04.1",
            "linux-modules-4.15.0-1173-azure": "4.15.0-1173.188~14.04.1",
            "linux-headers-4.15.0-1173-azure": "4.15.0-1173.188~14.04.1",
            "linux-azure-headers-4.15.0-1173": "4.15.0-1173.188~14.04.1",
            "linux-buildinfo-4.15.0-1173-azure": "4.15.0-1173.188~14.04.1",
            "linux-modules-extra-4.15.0-1173-azure": "4.15.0-1173.188~14.04.1",
            "linux-tools-4.15.0-1173-azure": "4.15.0-1173.188~14.04.1",
            "linux-image-unsigned-4.15.0-1173-azure": "4.15.0-1173.188~14.04.1",
            "linux-image-unsigned-4.15.0-1173-azure-dbgsym": "4.15.0-1173.188~14.04.1",
            "linux-cloud-tools-4.15.0-1173-azure": "4.15.0-1173.188~14.04.1"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / linux-azure

Package

Name: linux-azure
Purl: pkg:deb/ubuntu/linux-azure@4.15.0-1173.188~16.04.1?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.15.0-1173.188~16.04.1

Affected versions

4.*

4.11.0-1009.9

4.11.0-1011.11

4.11.0-1013.13

4.11.0-1014.14

4.11.0-1015.15

4.11.0-1016.16

4.13.0-1005.7

4.13.0-1006.8

4.13.0-1007.9

4.13.0-1009.12

4.13.0-1011.14

4.13.0-1012.15

4.13.0-1014.17

4.13.0-1016.19

4.13.0-1018.21

4.15.0-1013.13~16.04.2

4.15.0-1014.14~16.04.1

4.15.0-1018.18~16.04.1

4.15.0-1019.19~16.04.1

4.15.0-1021.21~16.04.1

4.15.0-1022.22~16.04.1

4.15.0-1023.24~16.04.1

4.15.0-1025.26~16.04.1

4.15.0-1028.29~16.04.1

4.15.0-1030.31~16.04.1

4.15.0-1031.32~16.04.1

4.15.0-1032.33~16.04.1

4.15.0-1035.36~16.04.1

4.15.0-1036.38~16.04.1

4.15.0-1037.39~16.04.1

4.15.0-1039.43

4.15.0-1040.44

4.15.0-1041.45

4.15.0-1042.46

4.15.0-1045.49

4.15.0-1046.50

4.15.0-1047.51

4.15.0-1049.54

4.15.0-1050.55

4.15.0-1051.56

4.15.0-1052.57

4.15.0-1055.60

4.15.0-1056.61

4.15.0-1057.62

4.15.0-1059.64

4.15.0-1060.65

4.15.0-1061.66

4.15.0-1063.68

4.15.0-1064.69

4.15.0-1066.71

4.15.0-1067.72

4.15.0-1069.74

4.15.0-1071.76

4.15.0-1075.80

4.15.0-1077.82

4.15.0-1082.92~16.04.1

4.15.0-1083.93~16.04.1

4.15.0-1089.99~16.04.1

4.15.0-1091.101~16.04.1

4.15.0-1092.102~16.04.1

4.15.0-1093.103~16.04.1

4.15.0-1095.105~16.04.1

4.15.0-1096.106~16.04.1

4.15.0-1098.109~16.04.1

4.15.0-1100.111~16.04.1

4.15.0-1102.113~16.04.1

4.15.0-1103.114~16.04.1

4.15.0-1106.118~16.04.1

4.15.0-1108.120~16.04.1

4.15.0-1109.121~16.04.1

4.15.0-1110.122~16.04.1

4.15.0-1111.123~16.04.1

4.15.0-1112.124~16.04.1

4.15.0-1113.126~16.04.1

4.15.0-1114.127~16.04.1

4.15.0-1115.128~16.04.1

4.15.0-1118.131~16.04.1

4.15.0-1121.134~16.04.1

4.15.0-1122.135~16.04.1

4.15.0-1123.136~16.04.1

4.15.0-1124.137~16.04.1

4.15.0-1125.138~16.04.1

4.15.0-1126.139~16.04.1

4.15.0-1127.140~16.04.1

4.15.0-1129.142~16.04.1

4.15.0-1130.143~16.04.1

4.15.0-1131.144~16.04.1

4.15.0-1133.146~16.04.1

4.15.0-1134.147~16.04.1

4.15.0-1136.149~16.04.1

4.15.0-1137.150~16.04.1

4.15.0-1138.151~16.04.1

4.15.0-1139.152~16.04.1

4.15.0-1142.156~16.04.1

4.15.0-1145.160~16.04.1

4.15.0-1146.161~16.04.1

4.15.0-1149.164~16.04.1

4.15.0-1150.165~16.04.1

4.15.0-1151.166~16.04.1

4.15.0-1153.168~16.04.1

4.15.0-1159.174~16.04.1

4.15.0-1162.177~16.04.1

4.15.0-1163.178~16.04.1

4.15.0-1164.179~16.04.1

4.15.0-1165.180~16.04.1

4.15.0-1166.181~16.04.1

4.15.0-1167.182~16.04.1

4.15.0-1168.183~16.04.1

4.15.0-1169.184~16.04.1

4.15.0-1170.185~16.04.1

4.15.0-1171.186~16.04.1

4.15.0-1172.187~16.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "linux-azure-cloud-tools-4.15.0-1173": "4.15.0-1173.188~16.04.1",
            "linux-azure-tools-4.15.0-1173": "4.15.0-1173.188~16.04.1",
            "linux-modules-4.15.0-1173-azure": "4.15.0-1173.188~16.04.1",
            "linux-headers-4.15.0-1173-azure": "4.15.0-1173.188~16.04.1",
            "linux-azure-headers-4.15.0-1173": "4.15.0-1173.188~16.04.1",
            "linux-buildinfo-4.15.0-1173-azure": "4.15.0-1173.188~16.04.1",
            "linux-modules-extra-4.15.0-1173-azure": "4.15.0-1173.188~16.04.1",
            "linux-tools-4.15.0-1173-azure": "4.15.0-1173.188~16.04.1",
            "linux-image-unsigned-4.15.0-1173-azure": "4.15.0-1173.188~16.04.1",
            "linux-image-unsigned-4.15.0-1173-azure-dbgsym": "4.15.0-1173.188~16.04.1",
            "linux-cloud-tools-4.15.0-1173-azure": "4.15.0-1173.188~16.04.1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / linux-azure-4.15

Package

Name: linux-azure-4.15
Purl: pkg:deb/ubuntu/linux-azure-4.15@4.15.0-1173.188?arch=src?distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.15.0-1173.188

Affected versions

4.*

4.15.0-1082.92

4.15.0-1083.93

4.15.0-1089.99

4.15.0-1091.101

4.15.0-1092.102

4.15.0-1093.103

4.15.0-1095.105

4.15.0-1096.106

4.15.0-1099.110

4.15.0-1100.111

4.15.0-1102.113

4.15.0-1103.114

4.15.0-1104.116

4.15.0-1106.118

4.15.0-1108.120

4.15.0-1109.121

4.15.0-1110.122

4.15.0-1111.123

4.15.0-1112.125

4.15.0-1113.126

4.15.0-1114.127

4.15.0-1115.128

4.15.0-1118.131

4.15.0-1121.134

4.15.0-1122.135

4.15.0-1123.136

4.15.0-1124.137

4.15.0-1125.138

4.15.0-1126.139

4.15.0-1127.140

4.15.0-1129.142

4.15.0-1130.143

4.15.0-1131.144

4.15.0-1133.146

4.15.0-1134.147

4.15.0-1136.149

4.15.0-1137.150

4.15.0-1138.151

4.15.0-1139.152

4.15.0-1142.156

4.15.0-1145.160

4.15.0-1146.161

4.15.0-1149.164

4.15.0-1150.165

4.15.0-1151.166

4.15.0-1153.168

4.15.0-1157.172

4.15.0-1158.173

4.15.0-1159.174

4.15.0-1161.176

4.15.0-1162.177

4.15.0-1163.178

4.15.0-1164.179

4.15.0-1165.180

4.15.0-1166.181

4.15.0-1167.182

4.15.0-1168.183

4.15.0-1169.184

4.15.0-1170.185

4.15.0-1171.186

4.15.0-1172.187

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "linux-modules-4.15.0-1173-azure": "4.15.0-1173.188",
            "linux-headers-4.15.0-1173-azure": "4.15.0-1173.188",
            "linux-azure-4.15-headers-4.15.0-1173": "4.15.0-1173.188",
            "linux-buildinfo-4.15.0-1173-azure": "4.15.0-1173.188",
            "linux-modules-extra-4.15.0-1173-azure": "4.15.0-1173.188",
            "linux-azure-4.15-cloud-tools-4.15.0-1173": "4.15.0-1173.188",
            "linux-image-unsigned-4.15.0-1173-azure": "4.15.0-1173.188",
            "linux-tools-4.15.0-1173-azure": "4.15.0-1173.188",
            "linux-azure-4.15-tools-4.15.0-1173": "4.15.0-1173.188",
            "linux-cloud-tools-4.15.0-1173-azure": "4.15.0-1173.188",
            "linux-image-unsigned-4.15.0-1173-azure-dbgsym": "4.15.0-1173.188"
        }
    ]
}