First published: Tue Jul 25 2023
Ruihan Li discovered that the memory management subsystem in the Linux kernel contained a race condition when accessing VMAs in certain conditions, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3269)

Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3389)

Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
ubuntu/linux-image-oem-22.04c | <6.1.0.1017.17 | 6.1.0.1017.17 |
=22.04 | | |
All of | | |
ubuntu/linux-image-6.1.0-1017-oem | <6.1.0-1017.17 | 6.1.0-1017.17 |
=22.04 | | |

The severity of USN-6249-1 is not specified in the description.
A local attacker can exploit the vulnerability in USN-6249-1 to cause a denial of service (system crash) or execute arbitrary code.
Ubuntu 22.04 with the specified Linux kernel versions is affected by USN-6249-1.
The CWE IDs for USN-6249-1 are CWE-416 and CWE-362.
You can find more information about USN-6249-1 at the following references: [CVE-2023-3389](https://ubuntu.com/security/CVE-2023-3389), [CVE-2023-3269](https://ubuntu.com/security/CVE-2023-3269), [USN-6246-1](https://ubuntu.com/security/notices/USN-6246-1).