What is the vulnerability ID for this Linux kernel vulnerability affecting Intel IoTG?

The vulnerability ID for this Linux kernel vulnerability affecting Intel IoTG is CVE-2023-1076.

How can a local attacker exploit the vulnerability CVE-2023-1076?

A local attacker can exploit the vulnerability CVE-2023-1076 by using the improperly initialized socket data to cause a denial of service (system crash).

What is the remedy version for the vulnerability affecting Ubuntu 22.04 with the package linux-image-5.15.0-1033-intel-iotg?

The remedy version for the vulnerability affecting Ubuntu 22.04 with the package linux-image-5.15.0-1033-intel-iotg is 5.15.0-1033.38.

What is the affected software version for the vulnerability affecting Ubuntu 20.04 with the package linux-image-intel-iotg?

The affected software version for the vulnerability affecting Ubuntu 20.04 with the package linux-image-intel-iotg is 5.15.0.1033.32.

What is the Common Weakness Enumeration (CWE) for this vulnerability?

The Common Weakness Enumeration (CWE) for this vulnerability is CWE-416 and CWE-362.

Vulnerability/
USN-6207-1

CWE

416 362

6/7/2023

USN-6207-1: Linux kernel (Intel IoTG) vulnerabilities

First published: Thu Jul 06 2023(Updated: )

It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1076) It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1077) It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079) It was discovered that the Xircom PCMCIA network device driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1670) It was discovered that a race condition existed in the Xen transport layer implementation for the 9P file system protocol in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2023-1859) Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2 mitigations with prctl syscall were insufficient in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-1998) It was discovered that the BigBen Interactive Kids' gamepad driver in the Linux kernel did not properly handle device removal, leading to a use- after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-25012) It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-2985)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-5.15.0-1033-intel-iotg	<5.15.0-1033.38	5.15.0-1033.38
	=22.04
All of
ubuntu/linux-image-intel-iotg	<5.15.0.1033.32	5.15.0.1033.32
	=22.04
All of
ubuntu/linux-image-intel-iotg	<5.15.0.1033.38~20.04.24	5.15.0.1033.38~20.04.24
	=20.04
All of
ubuntu/linux-image-5.15.0-1033-intel-iotg	<5.15.0-1033.38~20.04.1	5.15.0-1033.38~20.04.1
	=20.04
All of
ubuntu/linux-image-intel	<5.15.0.1033.38~20.04.24	5.15.0.1033.38~20.04.24
	=20.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this Linux kernel vulnerability affecting Intel IoTG?
The vulnerability ID for this Linux kernel vulnerability affecting Intel IoTG is CVE-2023-1076.
How can a local attacker exploit the vulnerability CVE-2023-1076?
A local attacker can exploit the vulnerability CVE-2023-1076 by using the improperly initialized socket data to cause a denial of service (system crash).
What is the remedy version for the vulnerability affecting Ubuntu 22.04 with the package linux-image-5.15.0-1033-intel-iotg?
The remedy version for the vulnerability affecting Ubuntu 22.04 with the package linux-image-5.15.0-1033-intel-iotg is 5.15.0-1033.38.
What is the affected software version for the vulnerability affecting Ubuntu 20.04 with the package linux-image-intel-iotg?
The affected software version for the vulnerability affecting Ubuntu 20.04 with the package linux-image-intel-iotg is 5.15.0.1033.32.
What is the Common Weakness Enumeration (CWE) for this vulnerability?
The Common Weakness Enumeration (CWE) for this vulnerability is CWE-416 and CWE-362.

agent/weakness
agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/title
agent/description
agent/event
agent/references
agent/tags
agent/trending
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/22.04
version/ubuntu ubuntu/20.04