First published: Tue Jul 25 2023
It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-47929)

It was discovered that a race condition existed in the Adreno GPU DRM driver in the Linux kernel, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-21106)

Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31248)

Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629)

Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3389)

Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data types, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001)

Affected Software | Affected Version | How to fix |
---|---|---|
All of: | | |
ubuntu/linux-image-6.0.0-1020-oem | <6.0.0-1020.20 | 6.0.0-1020.20 |
=22.04 | | |
All of: | | |
ubuntu/linux-image-oem-22.04b | <6.0.0.1020.20 | 6.0.0.1020.20 |
=22.04 | | |

The severity of USN-6248-1 is not specified in the description.
A local attacker can exploit CVE-2022-47929, a null pointer dereference in the network queuing discipline implementation, to cause a denial of service (system crash).
The remedy for the linux-image-6.0.0-1020-oem package is to update to version 6.0.0-1020.20.
The remedy for the linux-image-oem-22.04b package is to update to version 6.0.0.1020.20.
The CWE classifications for USN-6248-1 are CWE-416 (Use After Free), CWE-476 (Null Pointer Dereference), and CWE-362 (Concurrency Issues).