- Vulnerability/
- USN-6228-1
USN-6228-1: Linux kernel vulnerabilities
First published: Thu Jul 13 2023(Updated: )
It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) Wei Chen discovered that the InfiniBand RDMA communication manager implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-2176)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-6.2.0-1007-oracle | <6.2.0-1007.7 | 6.2.0-1007.7 |
| =23.04 | ||
| All of | ||
| ubuntu/linux-image-oracle | <6.2.0.1007.7 | 6.2.0.1007.7 |
| =23.04 | ||
| All of | ||
| ubuntu/linux-image-azure | <6.2.0.1007.7 | 6.2.0.1007.7 |
| =23.04 | ||
| All of | ||
| ubuntu/linux-image-6.2.0-1007-azure | <6.2.0-1007.7 | 6.2.0-1007.7 |
| =23.04 | ||
| All of | ||
| ubuntu/linux-image-6.2.0-1009-gcp | <6.2.0-1009.9 | 6.2.0-1009.9 |
| =23.04 | ||
| All of | ||
| ubuntu/linux-image-ibm | <6.2.0.1005.5 | 6.2.0.1005.5 |
| =23.04 | ||
| All of | ||
| ubuntu/linux-image-6.2.0-1005-ibm | <6.2.0-1005.5 | 6.2.0-1005.5 |
| =23.04 | ||
| All of | ||
| ubuntu/linux-image-gcp | <6.2.0.1009.9 | 6.2.0.1009.9 |
| =23.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-2124
- https://ubuntu.com/security/CVE-2023-2176
- https://ubuntu.com/security/notices/USN-6206-1
- https://ubuntu.com/security/notices/USN-6224-1
- https://ubuntu.com/security/notices/USN-6231-1
- https://ubuntu.com/security/notices/USN-6235-1
- https://ubuntu.com/security/notices/USN-6252-1
- https://ubuntu.com/security/notices/USN-6254-1
- https://ubuntu.com/security/notices/USN-6284-1
- https://ubuntu.com/security/notices/USN-6300-1
- https://ubuntu.com/security/notices/USN-6301-1
- https://ubuntu.com/security/notices/USN-6311-1
- https://ubuntu.com/security/notices/USN-6312-1
- https://ubuntu.com/security/notices/USN-6314-1
- https://ubuntu.com/security/notices/USN-6331-1
- https://ubuntu.com/security/notices/USN-6332-1
- https://ubuntu.com/security/notices/USN-6337-1
- https://ubuntu.com/security/notices/USN-6347-1
- https://ubuntu.com/security/notices/USN-6194-1
- https://launchpad.net/ubuntu/+source/linux-signed-oracle/6.2.0-1007.7
- https://launchpad.net/ubuntu/+source/linux-meta-oracle/6.2.0.1007.7
- https://launchpad.net/ubuntu/+source/linux-meta-azure/6.2.0.1007.7
- https://launchpad.net/ubuntu/+source/linux-signed-azure/6.2.0-1007.7
- https://launchpad.net/ubuntu/+source/linux-signed-gcp/6.2.0-1009.9
- https://launchpad.net/ubuntu/+source/linux-meta-ibm/6.2.0.1005.5
- https://launchpad.net/ubuntu/+source/linux-signed-ibm/6.2.0-1005.5
- https://launchpad.net/ubuntu/+source/linux-meta-gcp/6.2.0.1009.9
- https://ubuntu.com/security/notices/USN-6228-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this Linux kernel vulnerability?
The vulnerability ID for this Linux kernel vulnerability is CVE-2023-2124.
How does this vulnerability impact the Linux kernel?
This vulnerability could cause a denial of service (system crash) when a specially crafted file system image is mounted.
What is the severity of CVE-2023-2124?
The severity of CVE-2023-2124 is not specified in the provided information.
Which software versions are affected by CVE-2023-2124?
The following software versions are affected by CVE-2023-2124: linux-image-6.2.0-1007-oracle, linux-image-oracle, linux-image-azure, linux-image-6.2.0-1007-azure, linux-image-6.2.0-1009-gcp, linux-image-ibm, linux-image-6.2.0-1005-ibm, linux-image-gcp.
How can I fix the vulnerability in the Linux kernel?
To fix the vulnerability, update the affected software versions to the recommended versions: linux-image-6.2.0-1007-oracle (6.2.0-1007.7), linux-image-oracle (6.2.0.1007.7), linux-image-azure (6.2.0.1007.7), linux-image-6.2.0-1007-azure (6.2.0-1007.7), linux-image-6.2.0-1009-gcp (6.2.0-1009.9), linux-image-ibm (6.2.0.1005.5), linux-image-6.2.0-1005-ibm (6.2.0-1005.5), linux-image-gcp (6.2.0.1009.9).
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6206-1
- anchor-related/USN-6224-1
- anchor-related/USN-6231-1
- anchor-related/USN-6235-1
- anchor-related/USN-6252-1
- anchor-related/USN-6254-1
- anchor-related/USN-6284-1
- anchor-related/USN-6300-1
- anchor-related/USN-6301-1
- anchor-related/USN-6311-1
- anchor-related/USN-6312-1
- anchor-related/USN-6314-1
- anchor-related/USN-6331-1
- anchor-related/USN-6332-1
- anchor-related/USN-6337-1
- anchor-related/USN-6347-1
- anchor-related/USN-6194-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/23.04