What is the severity of CVE-2023-1281?

CVE-2023-1281 has a high severity.

How can CVE-2023-1281 be exploited?

CVE-2023-1281 can be exploited by a local attacker to cause a denial of service or execute arbitrary code.

What is the recommended remedy for CVE-2023-1281?

The recommended remedy for CVE-2023-1281 is to update to version 5.15.0-1028.33 of the linux-image-5.15.0-1028-intel-iotg package.

What is the severity of CVE-2022-4842?

CVE-2022-4842 has a high severity.

What is the severity of CVE-2023-26545?

CVE-2023-26545 has a medium severity.

What is the severity of CVE-2023-1074?

CVE-2023-1074 has a high severity.

What is the recommended remedy for CVE-2023-1074?

The recommended remedy for CVE-2023-1074 is to update to version 5.15.0.1028.27 of the linux-image-intel-iotg package.

Vulnerability/
USN-6057-1

CWE

416 476 362

5/5/2023

USN-6057-1: Linux kernel (Intel IoTG) vulnerabilities

First published: Fri May 05 2023(Updated: )

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-0386) Haowei Yan discovered that a race condition existed in the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-4129) It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929) It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-4842) Kyle Zeng discovered that the IPv6 implementation in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-0394) It was discovered that the Human Interface Device (HID) support driver in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1073) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) It was discovered that the NFS implementation in the Linux kernel did not properly handle pending tasks in some situations. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-1652) Lianhui Tang discovered that the MPLS implementation in the Linux kernel did not properly handle certain sysctl allocation failure conditions, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-5.15.0-1028-intel-iotg	<5.15.0-1028.33	5.15.0-1028.33
	=22.04
All of
ubuntu/linux-image-intel-iotg	<5.15.0.1028.27	5.15.0.1028.27
	=22.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2023-1281?
CVE-2023-1281 has a high severity.
How can CVE-2023-1281 be exploited?
CVE-2023-1281 can be exploited by a local attacker to cause a denial of service or execute arbitrary code.
What is the recommended remedy for CVE-2023-1281?
The recommended remedy for CVE-2023-1281 is to update to version 5.15.0-1028.33 of the linux-image-5.15.0-1028-intel-iotg package.
What is the severity of CVE-2022-4842?
CVE-2022-4842 has a high severity.
What is the severity of CVE-2023-26545?
CVE-2023-26545 has a medium severity.
What is the severity of CVE-2023-1074?
CVE-2023-1074 has a high severity.
What is the recommended remedy for CVE-2023-1074?
The recommended remedy for CVE-2023-1074 is to update to version 5.15.0.1028.27 of the linux-image-intel-iotg package.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/usn
source/Ubuntu
anchor-related/USN-5978-1
anchor-related/USN-6025-1
anchor-related/USN-6040-1
anchor-related/USN-6079-1
anchor-related/USN-6091-1
anchor-related/USN-6096-1
anchor-related/USN-6134-1
anchor-related/USN-6206-1
anchor-related/USN-6235-1
anchor-related/USN-6001-1
anchor-related/USN-6013-1
anchor-related/USN-6014-1
anchor-related/USN-6024-1
anchor-related/USN-6027-1
anchor-related/USN-6029-1
anchor-related/USN-6030-1
anchor-related/USN-6071-1
anchor-related/USN-6072-1
anchor-related/USN-6093-1
anchor-related/USN-6222-1
anchor-related/USN-6256-1
anchor-related/USN-6031-1
anchor-related/USN-6032-1
anchor-related/USN-6149-1
anchor-related/USN-6174-1
anchor-related/USN-5977-1
anchor-related/USN-6043-1
anchor-related/USN-5915-1
anchor-related/USN-5917-1
anchor-related/USN-5924-1
anchor-related/USN-5927-1
anchor-related/USN-5934-1
anchor-related/USN-5939-1
anchor-related/USN-5940-1
anchor-related/USN-5951-1
anchor-related/USN-5975-1
anchor-related/USN-5981-1
anchor-related/USN-5984-1
anchor-related/USN-5991-1
anchor-related/USN-6000-1
anchor-related/USN-6009-1
anchor-related/USN-6247-1
anchor-related/USN-6248-1
anchor-related/USN-5976-1
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/22.04