- Vulnerability/
- USN-6234-1
USN-6234-1: Linux kernel (Xilinx ZynqMP) vulnerability
First published: Tue Jul 18 2023(Updated: )
Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35788, LP: #2023577) It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information (kernel memory) or possibly cause undesired behaviors. (LP: #2023220)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-xilinx-zynqmp | <5.4.0.1025.27 | 5.4.0.1025.27 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-5.4.0-1025-xilinx-zynqmp | <5.4.0-1025.29 | 5.4.0-1025.29 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-35788
- https://launchpad.net/bugs/2023577
- https://launchpad.net/bugs/2023220
- https://ubuntu.com/security/notices/USN-6192-1
- https://ubuntu.com/security/notices/USN-6193-1
- https://ubuntu.com/security/notices/USN-6194-1
- https://ubuntu.com/security/notices/USN-6205-1
- https://ubuntu.com/security/notices/USN-6206-1
- https://ubuntu.com/security/notices/USN-6212-1
- https://ubuntu.com/security/notices/USN-6220-1
- https://ubuntu.com/security/notices/USN-6223-1
- https://ubuntu.com/security/notices/USN-6235-1
- https://ubuntu.com/security/notices/USN-6256-1
- https://ubuntu.com/security/notices/LSN-0097-1
- https://launchpad.net/ubuntu/+source/linux-meta-xilinx-zynqmp/5.4.0.1025.27
- https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1025.29
- https://ubuntu.com/security/notices/USN-6234-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this Linux kernel vulnerability?
It is CVE-2023-35788.
What is the severity of CVE-2023-35788?
The severity of CVE-2023-35788 is not specified in the USN document.
What is the affected software for this vulnerability?
The affected software is Ubuntu Ubuntu 20.04 with the Linux kernel version 5.4.0.1025.27 and 5.4.0-1025.29 for Xilinx ZynqMP.
How can an attacker exploit CVE-2023-35788?
An attacker can exploit CVE-2023-35788 to cause a denial of service (system crash) or possibly execute arbitrary code.
How can I fix the vulnerability in the Linux kernel (Xilinx ZynqMP)?
To fix the vulnerability, update the Linux kernel to version 5.4.0.1025.27 or 5.4.0-1025.29, depending on the affected software version.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-6192-1
- anchor-related/USN-6193-1
- anchor-related/USN-6194-1
- anchor-related/USN-6205-1
- anchor-related/USN-6206-1
- anchor-related/USN-6212-1
- anchor-related/USN-6220-1
- anchor-related/USN-6223-1
- anchor-related/USN-6235-1
- anchor-related/USN-6256-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04