- Vulnerability/
- USN-6205-1
USN-6205-1: Linux kernel (GKE) vulnerabilities
First published: Thu Jul 06 2023(Updated: )
Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35788, LP: #2023577) It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information (kernel memory) or possibly cause undesired behaviors. (LP: #2023220)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-gke | <5.4.0.1103.108 | 5.4.0.1103.108 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-gke-5.4 | <5.4.0.1103.108 | 5.4.0.1103.108 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-5.4.0-1103-gke | <5.4.0-1103.110 | 5.4.0-1103.110 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-35788
- https://launchpad.net/bugs/2023577
- https://launchpad.net/bugs/2023220
- https://ubuntu.com/security/notices/USN-6192-1
- https://ubuntu.com/security/notices/USN-6193-1
- https://ubuntu.com/security/notices/USN-6194-1
- https://ubuntu.com/security/notices/USN-6206-1
- https://ubuntu.com/security/notices/USN-6212-1
- https://ubuntu.com/security/notices/USN-6220-1
- https://ubuntu.com/security/notices/USN-6223-1
- https://ubuntu.com/security/notices/USN-6234-1
- https://ubuntu.com/security/notices/USN-6235-1
- https://ubuntu.com/security/notices/USN-6256-1
- https://ubuntu.com/security/notices/LSN-0097-1
- https://launchpad.net/ubuntu/+source/linux-meta-gke/5.4.0.1103.108
- https://launchpad.net/ubuntu/+source/linux-signed-gke/5.4.0-1103.110
- https://ubuntu.com/security/notices/USN-6205-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID of USN-6205-1?
The vulnerability ID of USN-6205-1 is CVE-2023-35788.
What is the impact of the vulnerability in USN-6205-1?
The vulnerability in USN-6205-1 can cause a denial of service (system crash) or possibly execute arbitrary code.
How can an attacker exploit the vulnerability in USN-6205-1?
An attacker can exploit the vulnerability in USN-6205-1 by exploiting the out-of-bounds write vulnerability in the Flower classifier implementation in the Linux kernel.
Which software versions are affected by USN-6205-1?
The affected software versions for USN-6205-1 are Linux kernel versions 5.4.0.1103.108 and 5.4.0-1103.110.
How can I fix the vulnerability in USN-6205-1?
To fix the vulnerability in USN-6205-1, update your Linux kernel to version 5.4.0.1103.108 or 5.4.0-1103.110.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6192-1
- anchor-related/USN-6193-1
- anchor-related/USN-6194-1
- anchor-related/USN-6206-1
- anchor-related/USN-6212-1
- anchor-related/USN-6220-1
- anchor-related/USN-6223-1
- anchor-related/USN-6234-1
- anchor-related/USN-6235-1
- anchor-related/USN-6256-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04