LSN-0098-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/LSN-0098-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/lsn/LSN-0098-1.json

JSON Data

https://api.osv.dev/v1/vulns/LSN-0098-1

Related

Published

2023-10-10T11:09:35Z

Modified

2023-10-10T11:09:35Z

Summary

Kernel Live Patch Security Notice

Details

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3090)

It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory).(CVE-2023-3567)

It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3609)

It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-3776)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3777)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-3995)

It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.(CVE-2023-4004)

It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-4128)

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-21400)

It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-40283)

References

Affected packages

Ubuntu:Pro:14.04:LTS / linux-lts-xenial

Package

Name: linux-lts-xenial
Purl: pkg:deb/ubuntu/linux-lts-xenial@4.4.0-245.279~14.04.1?arch=source&distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.0-245.279~14.04.1

Affected versions

4.*

4.4.0-13.29~14.04.1

4.4.0-14.30~14.04.2

4.4.0-15.31~14.04.1

4.4.0-18.34~14.04.1

4.4.0-21.37~14.04.1

4.4.0-22.39~14.04.1

4.4.0-22.40~14.04.1

4.4.0-24.43~14.04.1

4.4.0-28.47~14.04.1

4.4.0-31.50~14.04.1

4.4.0-34.53~14.04.1

4.4.0-36.55~14.04.1

4.4.0-38.57~14.04.1

4.4.0-42.62~14.04.1

4.4.0-45.66~14.04.1

4.4.0-47.68~14.04.1

4.4.0-51.72~14.04.1

4.4.0-53.74~14.04.1

4.4.0-57.78~14.04.1

4.4.0-59.80~14.04.1

4.4.0-62.83~14.04.1

4.4.0-63.84~14.04.2

4.4.0-64.85~14.04.1

4.4.0-66.87~14.04.1

4.4.0-67.88~14.04.1

4.4.0-70.91~14.04.1

4.4.0-71.92~14.04.1

4.4.0-72.93~14.04.1

4.4.0-75.96~14.04.1

4.4.0-78.99~14.04.2

4.4.0-79.100~14.04.1

4.4.0-81.104~14.04.1

4.4.0-83.106~14.04.1

4.4.0-87.110~14.04.1

4.4.0-89.112~14.04.1

4.4.0-91.114~14.04.1

4.4.0-92.115~14.04.1

4.4.0-93.116~14.04.1

4.4.0-96.119~14.04.1

4.4.0-97.120~14.04.1

4.4.0-98.121~14.04.1

4.4.0-101.124~14.04.1

4.4.0-103.126~14.04.1

4.4.0-104.127~14.04.1

4.4.0-108.131~14.04.1

4.4.0-109.132~14.04.1

4.4.0-111.134~14.04.1

4.4.0-112.135~14.04.1

4.4.0-116.140~14.04.1

4.4.0-119.143~14.04.1

4.4.0-121.145~14.04.1

4.4.0-124.148~14.04.1

4.4.0-127.153~14.04.1

4.4.0-128.154~14.04.1

4.4.0-130.156~14.04.1

4.4.0-131.157~14.04.1

4.4.0-133.159~14.04.1

4.4.0-134.160~14.04.1

4.4.0-135.161~14.04.1

4.4.0-137.163~14.04.1

4.4.0-138.164~14.04.1

4.4.0-139.165~14.04.1

4.4.0-140.166~14.04.1

4.4.0-141.167~14.04.1

4.4.0-142.168~14.04.1

4.4.0-143.169~14.04.2

4.4.0-144.170~14.04.1

4.4.0-146.172~14.04.1

4.4.0-148.174~14.04.1

4.4.0-164.192~14.04.1

4.4.0-165.193~14.04.1

4.4.0-166.195~14.04.1

4.4.0-168.197~14.04.1

4.4.0-169.198~14.04.1

4.4.0-170.199~14.04.1

4.4.0-171.200~14.04.1

4.4.0-173.203~14.04.1

4.4.0-174.204~14.04.1

4.4.0-176.206~14.04.1

4.4.0-177.207~14.04.1

4.4.0-178.208~14.04.1

4.4.0-179.209~14.04.1

4.4.0-184.214~14.04.1

4.4.0-185.215~14.04.1

4.4.0-186.216~14.04.1

4.4.0-187.217~14.04.1

4.4.0-189.219~14.04.1

4.4.0-190.220~14.04.1

4.4.0-193.224~14.04.1

4.4.0-194.226~14.04.1

4.4.0-197.229~14.04.1

4.4.0-198.230~14.04.1

4.4.0-200.232~14.04.1

4.4.0-201.233~14.04.1

4.4.0-203.235~14.04.1

4.4.0-204.236~14.04.1

4.4.0-206.238~14.04.1

4.4.0-208.240~14.04.1

4.4.0-209.241~14.04.1

4.4.0-210.242~14.04.1

4.4.0-211.243~14.04.1

4.4.0-212.244~14.04.1

4.4.0-213.245~14.04.1

4.4.0-214.246~14.04.1

4.4.0-215.247~14.04.1

4.4.0-218.251~14.04.1

4.4.0-219.252~14.04.1

4.4.0-221.254~14.04.1

4.4.0-222.255~14.04.1

4.4.0-223.256~14.04.1

4.4.0-224.257~14.04.1

4.4.0-227.261~14.04.1

4.4.0-229.263~14.04.1

4.4.0-230.264~14.04.1

4.4.0-231.265~14.04.1

4.4.0-233.267~14.04.1

4.4.0-234.268~14.04.1

4.4.0-235.269~14.04.1

4.4.0-236.270~14.04.1

4.4.0-237.271~14.04.1

4.4.0-239.273~14.04.1

4.4.0-240.274~14.04.1

4.4.0-241.275~14.04.1

4.4.0-242.276~14.04.1

4.4.0-243.277~14.04.1

4.4.0-244.278~14.04.1

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_4_4_0[_|\\d]+_(?:generic|lowlatency)_(\\d+)"
}

Ubuntu:Pro:16.04:LTS / linux-aws

Package

Name: linux-aws
Purl: pkg:deb/ubuntu/linux-aws@4.4.0-1161.176?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.0-1161.176

Affected versions

4.*

4.4.0-1001.10

4.4.0-1003.12

4.4.0-1004.13

4.4.0-1007.16

4.4.0-1009.18

4.4.0-1011.20

4.4.0-1012.21

4.4.0-1013.22

4.4.0-1016.25

4.4.0-1017.26

4.4.0-1018.27

4.4.0-1020.29

4.4.0-1022.31

4.4.0-1026.35

4.4.0-1028.37

4.4.0-1030.39

4.4.0-1031.40

4.4.0-1032.41

4.4.0-1035.44

4.4.0-1037.46

4.4.0-1038.47

4.4.0-1039.48

4.4.0-1041.50

4.4.0-1043.52

4.4.0-1044.53

4.4.0-1047.56

4.4.0-1048.57

4.4.0-1049.58

4.4.0-1050.59

4.4.0-1052.61

4.4.0-1054.63

4.4.0-1055.64

4.4.0-1057.66

4.4.0-1060.69

4.4.0-1061.70

4.4.0-1062.71

4.4.0-1063.72

4.4.0-1065.75

4.4.0-1066.76

4.4.0-1067.77

4.4.0-1069.79

4.4.0-1070.80

4.4.0-1072.82

4.4.0-1073.83

4.4.0-1074.84

4.4.0-1075.85

4.4.0-1077.87

4.4.0-1079.89

4.4.0-1081.91

4.4.0-1083.93

4.4.0-1084.94

4.4.0-1085.96

4.4.0-1087.98

4.4.0-1088.99

4.4.0-1090.101

4.4.0-1092.103

4.4.0-1094.105

4.4.0-1095.106

4.4.0-1096.107

4.4.0-1098.109

4.4.0-1099.110

4.4.0-1100.111

4.4.0-1101.112

4.4.0-1102.113

4.4.0-1104.115

4.4.0-1105.116

4.4.0-1106.117

4.4.0-1107.118

4.4.0-1109.120

4.4.0-1110.121

4.4.0-1111.123

4.4.0-1112.124

4.4.0-1113.126

4.4.0-1114.127

4.4.0-1117.131

4.4.0-1118.132

4.4.0-1119.133

4.4.0-1121.135

4.4.0-1122.136

4.4.0-1123.137

4.4.0-1124.138

4.4.0-1126.140

4.4.0-1127.141

4.4.0-1128.142

4.4.0-1129.143

4.4.0-1130.144

4.4.0-1131.145

4.4.0-1132.146

4.4.0-1133.147

4.4.0-1134.148

4.4.0-1135.149

4.4.0-1137.151

4.4.0-1138.152

4.4.0-1139.153

4.4.0-1140.154

4.4.0-1143.158

4.4.0-1145.160

4.4.0-1146.161

4.4.0-1147.162

4.4.0-1148.163

4.4.0-1150.165

4.4.0-1151.166

4.4.0-1152.167

4.4.0-1153.168

4.4.0-1154.169

4.4.0-1155.170

4.4.0-1156.171

4.4.0-1157.172

4.4.0-1158.173

4.4.0-1159.174

4.4.0-1160.175

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_4_4_0[_|\\d]+_aws_(\\d+)"
}

Ubuntu:Pro:18.04:LTS / linux-aws

Package

Name: linux-aws
Purl: pkg:deb/ubuntu/linux-aws@4.15.0-1161.174?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.15.0-1161.174

Affected versions

4.*

4.15.0-1001.1

4.15.0-1003.3

4.15.0-1005.5

4.15.0-1006.6

4.15.0-1007.7

4.15.0-1009.9

4.15.0-1010.10

4.15.0-1011.11

4.15.0-1016.16

4.15.0-1017.17

4.15.0-1019.19

4.15.0-1020.20

4.15.0-1021.21

4.15.0-1023.23

4.15.0-1025.25

4.15.0-1027.27

4.15.0-1029.30

4.15.0-1031.33

4.15.0-1032.34

4.15.0-1033.35

4.15.0-1034.36

4.15.0-1035.37

4.15.0-1037.39

4.15.0-1039.41

4.15.0-1040.42

4.15.0-1041.43

4.15.0-1043.45

4.15.0-1044.46

4.15.0-1045.47

4.15.0-1047.49

4.15.0-1048.50

4.15.0-1050.52

4.15.0-1051.53

4.15.0-1052.54

4.15.0-1054.56

4.15.0-1056.58

4.15.0-1057.59

4.15.0-1058.60

4.15.0-1060.62

4.15.0-1063.67

4.15.0-1065.69

4.15.0-1066.70

4.15.0-1067.71

4.15.0-1073.77

4.15.0-1076.80

4.15.0-1077.81

4.15.0-1079.83

4.15.0-1080.84

4.15.0-1082.86

4.15.0-1083.87

4.15.0-1086.91

4.15.0-1087.92

4.15.0-1088.93

4.15.0-1090.95

4.15.0-1091.96

4.15.0-1092.98

4.15.0-1093.99

4.15.0-1094.101

4.15.0-1095.102

4.15.0-1096.103

4.15.0-1097.104

4.15.0-1098.105

4.15.0-1099.106

4.15.0-1101.108

4.15.0-1102.109

4.15.0-1103.110

4.15.0-1106.113

4.15.0-1109.116

4.15.0-1110.117

4.15.0-1111.118

4.15.0-1112.119

4.15.0-1114.121

4.15.0-1115.122

4.15.0-1116.123

4.15.0-1118.125

4.15.0-1119.127

4.15.0-1121.129

4.15.0-1123.132

4.15.0-1124.133

4.15.0-1126.135

4.15.0-1127.136

4.15.0-1128.137

4.15.0-1130.139

4.15.0-1133.143

4.15.0-1136.147

4.15.0-1137.148

4.15.0-1139.150

4.15.0-1140.151

4.15.0-1141.152

4.15.0-1142.154

4.15.0-1143.155

4.15.0-1144.156

4.15.0-1146.158

4.15.0-1147.159

4.15.0-1148.160

4.15.0-1150.163

4.15.0-1151.164

4.15.0-1153.166

4.15.0-1154.167

4.15.0-1155.168

4.15.0-1156.169

4.15.0-1157.170

4.15.0-1158.171

4.15.0-1159.172

4.15.0-1160.173

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_4_15_0[_|\\d]+_aws_(\\d+)"
}

Ubuntu:Pro:20.04:LTS / linux-aws

Package

Name: linux-aws
Purl: pkg:deb/ubuntu/linux-aws@5.4.0-1110.119?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.0-1110.119

Affected versions

5.*

5.3.0-1003.3

5.3.0-1008.9

5.3.0-1009.10

5.3.0-1010.11

5.4.0-1005.5

5.4.0-1007.7

5.4.0-1008.8

5.4.0-1009.9

5.4.0-1011.11

5.4.0-1015.15

5.4.0-1017.17

5.4.0-1018.18

5.4.0-1020.20

5.4.0-1021.21

5.4.0-1022.22

5.4.0-1024.24

5.4.0-1025.25

5.4.0-1028.29

5.4.0-1029.30

5.4.0-1030.31

5.4.0-1032.33

5.4.0-1034.35

5.4.0-1035.37

5.4.0-1037.39

5.4.0-1038.40

5.4.0-1039.41

5.4.0-1041.43

5.4.0-1043.45

5.4.0-1045.47

5.4.0-1047.49

5.4.0-1048.50

5.4.0-1049.51

5.4.0-1051.53

5.4.0-1054.57

5.4.0-1055.58

5.4.0-1056.59

5.4.0-1057.60

5.4.0-1058.61

5.4.0-1059.62

5.4.0-1060.63

5.4.0-1061.64

5.4.0-1063.66

5.4.0-1064.67

5.4.0-1065.68

5.4.0-1066.69

5.4.0-1068.72

5.4.0-1069.73

5.4.0-1071.76

5.4.0-1072.77

5.4.0-1073.78

5.4.0-1075.80

5.4.0-1078.84

5.4.0-1080.87

5.4.0-1081.88

5.4.0-1083.90

5.4.0-1084.91

5.4.0-1085.92

5.4.0-1086.93

5.4.0-1088.96

5.4.0-1089.97

5.4.0-1092.100

5.4.0-1093.101

5.4.0-1094.102

5.4.0-1096.104

5.4.0-1097.105

5.4.0-1099.107

5.4.0-1100.108

5.4.0-1101.109

5.4.0-1102.110

5.4.0-1103.111

5.4.0-1104.112

5.4.0-1105.113

5.4.0-1106.114

5.4.0-1107.115

5.4.0-1108.116

5.4.0-1109.118

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_5_4_0[_|\\d]+_aws_(\\d+)"
}

Ubuntu:Pro:22.04:LTS / linux-aws

Package

Name: linux-aws
Purl: pkg:deb/ubuntu/linux-aws@5.15.0-1045.50?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.0-1045.50

Affected versions

5.*

5.13.0-1005.6

5.15.0-1002.4

5.15.0-1003.5

5.15.0-1004.6

5.15.0-1005.7

5.15.0-1008.10

5.15.0-1009.11

5.15.0-1011.14

5.15.0-1013.17

5.15.0-1014.18

5.15.0-1015.19

5.15.0-1017.21

5.15.0-1019.23

5.15.0-1020.24

5.15.0-1021.25

5.15.0-1022.26

5.15.0-1023.27

5.15.0-1026.30

5.15.0-1027.31

5.15.0-1028.32

5.15.0-1030.34

5.15.0-1031.35

5.15.0-1033.37

5.15.0-1034.38

5.15.0-1035.39

5.15.0-1036.40

5.15.0-1037.41

5.15.0-1038.43

5.15.0-1039.44

5.15.0-1040.45

5.15.0-1042.47

5.15.0-1043.48

5.15.0-1044.49

Ecosystem specific

{
    "availability": "Livepatch subscription required",
    "module_name_regex": "lkp_Ubuntu_5_15_0[_|\\d]+_aws_(\\d+)"
}