First published: Fri Mar 03 2023(Updated: )
It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-0461) Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20566) It was discovered that the ISDN implementation of the Linux kernel contained a use-after-free vulnerability. A privileged user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3565) It was discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a reference counting error. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36879) It was discovered that the USB monitoring (usbmon) component in the Linux kernel did not properly set permissions on memory mapped in to user space processes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43750) It was discovered that the NFSD implementation in the Linux kernel contained a use-after-free vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4379) It was discovered that the Atmel WILC1000 driver in the Linux kernel did not properly validate offsets, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2022-47520) José Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-oem-22.04 | <5.17.0.1028.26 | 5.17.0.1028.26 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/linux-image-oem-22.04a | <5.17.0.1028.26 | 5.17.0.1028.26 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/linux-image-5.17.0-1028-oem | <5.17.0-1028.29 | 5.17.0-1028.29 |
Ubuntu Ubuntu | =22.04 | |
All of | ||
ubuntu/linux-image-oem-20.04c | <5.14.0.1058.56 | 5.14.0.1058.56 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/linux-image-oem-20.04b | <5.14.0.1058.56 | 5.14.0.1058.56 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/linux-image-oem-20.04 | <5.14.0.1058.56 | 5.14.0.1058.56 |
Ubuntu Ubuntu | =20.04 | |
All of | ||
ubuntu/linux-image-5.14.0-1058-oem | <5.14.0-1058.66 | 5.14.0-1058.66 |
Ubuntu Ubuntu | =20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The severity of USN-5913-1 is high.
The ULP subsystem vulnerability can lead to a use-after-free vulnerability, causing a denial of service (system crash) or possible execution of arbitrary code.
Versions 5.17.0.1028.26 and earlier, 5.14.0.1058.56 and earlier, and 5.14.0-1058.66 and earlier of the Linux kernel (OEM) are affected by USN-5913-1.
Update the affected Linux kernel (OEM) to version 5.17.0.1028.26, 5.14.0.1058.56, or 5.14.0-1058.66, depending on the specific version you are using.
You can find more information about USN-5913-1 on the Ubuntu Security Notices website.