usn-6385-1
Vulnerability from osv_ubuntu
Published
2023-09-19 17:44
Modified
2026-06-03 10:45
Summary
linux-oem-6.0 vulnerabilities
Details

It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672)

William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269)

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit() function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0458)

It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075)

It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1076, CVE-2023-4194)

It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380)

It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611)

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002)

Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593)

It was discovered that a use-after-free vulnerability existed in the iSCSI TCP implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2162)

Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski discovered that the BPF verifier in the Linux kernel did not properly mark registers for precision tracking in certain situations, leading to an out- of-bounds access vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2163)

It was discovered that the perf subsystem in the Linux kernel contained a use-after-free vulnerability. A privileged local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2235)

Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel contained a null pointer dereference when handling certain messages from user space. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-28328)

It was discovered that a race condition existed in the TLS subsystem in the Linux kernel, leading to a use-after-free or a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-2898)

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3090)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141)

Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436)

It was discovered that the Qualcomm MSM DPU driver in the Linux kernel did not properly validate memory allocations in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-3220)

It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269)

It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3390)

It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3609)

It was discovered that the netfilter subsystem in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3610)

It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611)

It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3777)

It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3863)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3995)

It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-4004)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle bound chain deactivation in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-4015)

It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283)

It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128)

Maxim Suhanov discovered that the exFAT file system implementation in the Linux kernel did not properly check a file name length, leading to an out- of-bounds write vulnerability. An attacker could use this to construct a malicious exFAT image that, when mounted and operated on, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4273)

Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-4569)

References
https://ubuntu.com/security/notices/USN-6385-1 ADVISORY
https://ubuntu.com/security/CVE-2022-4269 REPORT
https://ubuntu.com/security/CVE-2022-27672 REPORT
https://ubuntu.com/security/CVE-2023-0458 REPORT
https://ubuntu.com/security/CVE-2023-1075 REPORT
https://ubuntu.com/security/CVE-2023-1076 REPORT
https://ubuntu.com/security/CVE-2023-1206 REPORT
https://ubuntu.com/security/CVE-2023-1380 REPORT
https://ubuntu.com/security/CVE-2023-1611 REPORT
https://ubuntu.com/security/CVE-2023-2002 REPORT
https://ubuntu.com/security/CVE-2023-2162 REPORT
https://ubuntu.com/security/CVE-2023-2163 REPORT
https://ubuntu.com/security/CVE-2023-2235 REPORT
https://ubuntu.com/security/CVE-2023-2269 REPORT
https://ubuntu.com/security/CVE-2023-2898 REPORT
https://ubuntu.com/security/CVE-2023-3090 REPORT
https://ubuntu.com/security/CVE-2023-3141 REPORT
https://ubuntu.com/security/CVE-2023-3220 REPORT
https://ubuntu.com/security/CVE-2023-3390 REPORT
https://ubuntu.com/security/CVE-2023-3609 REPORT
https://ubuntu.com/security/CVE-2023-3610 REPORT
https://ubuntu.com/security/CVE-2023-3611 REPORT
https://ubuntu.com/security/CVE-2023-3776 REPORT
https://ubuntu.com/security/CVE-2023-3777 REPORT
https://ubuntu.com/security/CVE-2023-3863 REPORT
https://ubuntu.com/security/CVE-2023-3995 REPORT
https://ubuntu.com/security/CVE-2023-4004 REPORT
https://ubuntu.com/security/CVE-2023-4015 REPORT
https://ubuntu.com/security/CVE-2023-4128 REPORT
https://ubuntu.com/security/CVE-2023-4194 REPORT
https://ubuntu.com/security/CVE-2023-4273 REPORT
https://ubuntu.com/security/CVE-2023-4569 REPORT
https://ubuntu.com/security/CVE-2023-20593 REPORT
https://ubuntu.com/security/CVE-2023-28328 REPORT
https://ubuntu.com/security/CVE-2023-28466 REPORT
https://ubuntu.com/security/CVE-2023-31436 REPORT
https://ubuntu.com/security/CVE-2023-32269 REPORT
https://ubuntu.com/security/CVE-2023-40283 REPORT

{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2022-4269",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2022-27672",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-0458",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1075",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1076",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1206",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1380",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-1611",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-2002",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-2162",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-2163",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-2235",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-2269",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-2898",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3090",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3141",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "low",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3220",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3390",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3609",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3610",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3611",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3776",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3777",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3863",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-3995",
              "severity": [
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-4004",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-4015",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-4128",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-4273",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-4569",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-20593",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-28328",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-28466",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-31436",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-32269",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2023-40283",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "high",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:22.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "linux-buildinfo-6.0.0-1021-oem",
            "binary_version": "6.0.0-1021.21"
          },
          {
            "binary_name": "linux-headers-6.0.0-1021-oem",
            "binary_version": "6.0.0-1021.21"
          },
          {
            "binary_name": "linux-image-unsigned-6.0.0-1021-oem",
            "binary_version": "6.0.0-1021.21"
          },
          {
            "binary_name": "linux-modules-6.0.0-1021-oem",
            "binary_version": "6.0.0-1021.21"
          },
          {
            "binary_name": "linux-modules-ipu6-6.0.0-1021-oem",
            "binary_version": "6.0.0-1021.21"
          },
          {
            "binary_name": "linux-modules-ivsc-6.0.0-1021-oem",
            "binary_version": "6.0.0-1021.21"
          },
          {
            "binary_name": "linux-modules-iwlwifi-6.0.0-1021-oem",
            "binary_version": "6.0.0-1021.21"
          },
          {
            "binary_name": "linux-oem-6.0-headers-6.0.0-1021",
            "binary_version": "6.0.0-1021.21"
          },
          {
            "binary_name": "linux-oem-6.0-tools-6.0.0-1021",
            "binary_version": "6.0.0-1021.21"
          },
          {
            "binary_name": "linux-oem-6.0-tools-host",
            "binary_version": "6.0.0-1021.21"
          },
          {
            "binary_name": "linux-tools-6.0.0-1021-oem",
            "binary_version": "6.0.0-1021.21"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "linux-oem-6.0",
        "purl": "pkg:deb/ubuntu/linux-oem-6.0@6.0.0-1021.21?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.0-1021.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "6.0.0-1006.6",
        "6.0.0-1007.7",
        "6.0.0-1008.8",
        "6.0.0-1009.9",
        "6.0.0-1010.10",
        "6.0.0-1011.11",
        "6.0.0-1012.12",
        "6.0.0-1013.13",
        "6.0.0-1014.14",
        "6.0.0-1015.15",
        "6.0.0-1016.16",
        "6.0.0-1017.17",
        "6.0.0-1018.18",
        "6.0.0-1019.19",
        "6.0.0-1020.20"
      ]
    }
  ],
  "aliases": [],
  "details": "\nIt was discovered that some AMD x86-64 processors with SMT enabled could\nspeculatively execute instructions using a return address from a sibling\nthread. A local attacker could possibly use this to expose sensitive\ninformation. (CVE-2022-27672)\n\nWilliam Zhao discovered that the Traffic Control (TC) subsystem in the\nLinux kernel did not properly handle network packet retransmission in\ncertain situations. A local attacker could use this to cause a denial of\nservice (kernel deadlock). (CVE-2022-4269)\n\nJordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the\ndo_prlimit() function in the Linux kernel did not properly handle\nspeculative execution barriers. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2023-0458)\n\nIt was discovered that the TLS subsystem in the Linux kernel contained a\ntype confusion vulnerability in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly expose\nsensitive information. (CVE-2023-1075)\n\nIt was discovered that the TUN/TAP driver in the Linux kernel did not\nproperly initialize socket data. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2023-1076, CVE-2023-4194)\n\nIt was discovered that the IPv6 implementation in the Linux kernel\ncontained a high rate of hash collisions in connection lookup table. A\nremote attacker could use this to cause a denial of service (excessive CPU\nconsumption). (CVE-2023-1206)\n\nIt was discovered that the Broadcom FullMAC USB WiFi driver in the Linux\nkernel did not properly perform data buffer size validation in some\nsituations. A physically proximate attacker could use this to craft a\nmalicious USB device that when inserted, could cause a denial of service\n(system crash) or possibly expose sensitive information. (CVE-2023-1380)\n\nIt was discovered that a race condition existed in the btrfs file system\nimplementation in the Linux kernel, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly expose sensitive information. (CVE-2023-1611)\n\nRuihan Li discovered that the bluetooth subsystem in the Linux kernel did\nnot properly perform permissions checks when handling HCI sockets. A\nphysically proximate attacker could use this to cause a denial of service\n(bluetooth communication). (CVE-2023-2002)\n\nTavis Ormandy discovered that some AMD processors did not properly handle\nspeculative execution of certain vector register instructions. A local\nattacker could use this to expose sensitive information. (CVE-2023-20593)\n\nIt was discovered that a use-after-free vulnerability existed in the iSCSI\nTCP implementation in the Linux kernel. A local attacker could possibly use\nthis to cause a denial of service (system crash). (CVE-2023-2162)\n\nJuan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski\ndiscovered that the BPF verifier in the Linux kernel did not properly mark\nregisters for precision tracking in certain situations, leading to an out-\nof-bounds access vulnerability. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2023-2163)\n\nIt was discovered that the perf subsystem in the Linux kernel contained a\nuse-after-free vulnerability. A privileged local attacker could possibly\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2023-2235)\n\nZheng Zhang discovered that the device-mapper implementation in the Linux\nkernel did not properly handle locking during table_clear() operations. A\nlocal attacker could use this to cause a denial of service (kernel\ndeadlock). (CVE-2023-2269)\n\nWei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel\ncontained a null pointer dereference when handling certain messages from\nuser space. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2023-28328)\n\nIt was discovered that a race condition existed in the TLS subsystem in the\nLinux kernel, leading to a use-after-free or a null pointer dereference\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-28466)\n\nIt was discovered that a race condition existed in the f2fs file system in\nthe Linux kernel, leading to a null pointer dereference vulnerability. An\nattacker could use this to construct a malicious f2fs image that, when\nmounted and operated on, could cause a denial of service (system crash).\n(CVE-2023-2898)\n\nIt was discovered that the IP-VLAN network driver for the Linux kernel did\nnot properly initialize memory in some situations, leading to an out-of-\nbounds write vulnerability. An attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code. (CVE-2023-3090)\n\nIt was discovered that the Ricoh R5C592 MemoryStick card reader driver in\nthe Linux kernel contained a race condition during module unload, leading\nto a use-after-free vulnerability. A local attacker could use this to cause\na denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2023-3141)\n\nGwangun Jung discovered that the Quick Fair Queueing scheduler\nimplementation in the Linux kernel contained an out-of-bounds write\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-31436)\n\nIt was discovered that the Qualcomm MSM DPU driver in the Linux kernel did\nnot properly validate memory allocations in certain situations, leading to\na null pointer dereference vulnerability. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2023-3220)\n\nIt was discovered that the NET/ROM protocol implementation in the Linux\nkernel contained a race condition in some situations, leading to a use-\nafter-free vulnerability. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2023-32269)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not\nproperly handle some error conditions, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-3390)\n\nIt was discovered that the universal 32bit network packet classifier\nimplementation in the Linux kernel did not properly perform reference\ncounting in some situations, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2023-3609)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not\nproperly handle certain error conditions, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-3610)\n\nIt was discovered that the Quick Fair Queueing network scheduler\nimplementation in the Linux kernel contained an out-of-bounds write\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-3611)\n\nIt was discovered that the network packet classifier with\nnetfilter/firewall marks implementation in the Linux kernel did not\nproperly handle reference counting, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-3776)\n\nKevin Rich discovered that the netfilter subsystem in the Linux kernel did\nnot properly handle table rules flush in certain circumstances. A local\nattacker could possibly use this to cause a denial of service (system\ncrash) or execute arbitrary code. (CVE-2023-3777)\n\nIt was discovered that the NFC implementation in the Linux kernel contained\na use-after-free vulnerability when performing peer-to-peer communication\nin certain conditions. A privileged attacker could use this to cause a\ndenial of service (system crash) or possibly expose sensitive information\n(kernel memory). (CVE-2023-3863)\n\nKevin Rich discovered that the netfilter subsystem in the Linux kernel did\nnot properly handle rule additions to bound chains in certain\ncircumstances. A local attacker could possibly use this to cause a denial\nof service (system crash) or execute arbitrary code. (CVE-2023-3995)\n\nIt was discovered that the netfilter subsystem in the Linux kernel did not\nproperly handle PIPAPO element removal, leading to a use-after-free\nvulnerability. A local attacker could possibly use this to cause a denial\nof service (system crash) or execute arbitrary code. (CVE-2023-4004)\n\nKevin Rich discovered that the netfilter subsystem in the Linux kernel did\nnot properly handle bound chain deactivation in certain circumstances. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or execute arbitrary code. (CVE-2023-4015)\n\nIt was discovered that the bluetooth subsystem in the Linux kernel did not\nproperly handle L2CAP socket release, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-40283)\n\nIt was discovered that some network classifier implementations in the Linux\nkernel contained use-after-free vulnerabilities. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2023-4128)\n\nMaxim Suhanov discovered that the exFAT file system implementation in the\nLinux kernel did not properly check a file name length, leading to an out-\nof-bounds write vulnerability. An attacker could use this to construct a\nmalicious exFAT image that, when mounted and operated on, could cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2023-4273)\n\nLonial Con discovered that the netfilter subsystem in the Linux kernel\ncontained a memory leak when handling certain element flush operations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2023-4569)\n\n",
  "id": "USN-6385-1",
  "modified": "2026-06-03T10:45:35Z",
  "published": "2023-09-19T17:44:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-6385-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-4269"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2022-27672"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-0458"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1075"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1076"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1206"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1380"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-1611"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-2002"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-2162"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-2163"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-2235"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-2269"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-2898"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3090"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3141"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3220"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3390"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3609"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3610"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3611"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3776"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3777"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3863"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-3995"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-4004"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-4015"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-4128"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-4194"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-4273"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-4569"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-20593"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-28328"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-28466"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-31436"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-32269"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2023-40283"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "linux-oem-6.0 vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2022-4269",
    "UBUNTU-CVE-2022-27672",
    "UBUNTU-CVE-2023-0458",
    "UBUNTU-CVE-2023-1075",
    "UBUNTU-CVE-2023-1076",
    "UBUNTU-CVE-2023-1206",
    "UBUNTU-CVE-2023-1380",
    "UBUNTU-CVE-2023-1611",
    "UBUNTU-CVE-2023-2002",
    "UBUNTU-CVE-2023-2162",
    "UBUNTU-CVE-2023-2163",
    "UBUNTU-CVE-2023-2235",
    "UBUNTU-CVE-2023-2269",
    "UBUNTU-CVE-2023-2898",
    "UBUNTU-CVE-2023-3090",
    "UBUNTU-CVE-2023-3141",
    "UBUNTU-CVE-2023-3220",
    "UBUNTU-CVE-2023-3390",
    "UBUNTU-CVE-2023-3609",
    "UBUNTU-CVE-2023-3610",
    "UBUNTU-CVE-2023-3611",
    "UBUNTU-CVE-2023-3776",
    "UBUNTU-CVE-2023-3777",
    "UBUNTU-CVE-2023-3863",
    "UBUNTU-CVE-2023-3995",
    "UBUNTU-CVE-2023-4004",
    "UBUNTU-CVE-2023-4015",
    "UBUNTU-CVE-2023-4128",
    "UBUNTU-CVE-2023-4194",
    "UBUNTU-CVE-2023-4273",
    "UBUNTU-CVE-2023-4569",
    "UBUNTU-CVE-2023-20593",
    "UBUNTU-CVE-2023-28328",
    "UBUNTU-CVE-2023-28466",
    "UBUNTU-CVE-2023-31436",
    "UBUNTU-CVE-2023-32269",
    "UBUNTU-CVE-2023-40283"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…