USN-6261-1: Linux kernel (IoT) vulnerabilities
First published: Fri Jul 28 2023(Updated: )
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3090) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3390) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of- bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-5.4.0-1018-iot | <5.4.0-1018.19 | 5.4.0-1018.19 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-32629
- https://ubuntu.com/security/CVE-2023-3390
- https://ubuntu.com/security/CVE-2023-3090
- https://ubuntu.com/security/CVE-2023-35001
- https://ubuntu.com/security/notices/USN-6248-1
- https://ubuntu.com/security/notices/USN-6250-1
- https://ubuntu.com/security/notices/USN-6251-1
- https://ubuntu.com/security/notices/USN-6260-1
- https://ubuntu.com/security/notices/USN-6285-1
- https://ubuntu.com/security/notices/LSN-0097-1
- https://ubuntu.com/security/notices/USN-6246-1
- https://ubuntu.com/security/notices/USN-6252-1
- https://ubuntu.com/security/notices/USN-6254-1
- https://ubuntu.com/security/notices/USN-6255-1
- https://ubuntu.com/security/notices/USN-6385-1
- https://ubuntu.com/security/notices/USN-6231-1
- https://ubuntu.com/security/notices/LSN-0098-1
- https://ubuntu.com/security/notices/LSN-0096-1
- https://ubuntu.com/security/notices/USN-6247-1
- https://ubuntu.com/security/notices/USN-6460-1
- https://launchpad.net/ubuntu/+source/linux-signed-iot/5.4.0-1018.19
- https://ubuntu.com/security/notices/USN-6261-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2023-3090?
The severity of CVE-2023-3090 is high.
How does CVE-2023-3090 affect the Linux kernel?
CVE-2023-3090 can cause a denial of service (system crash) or possibly execute arbitrary code.
How can I fix the Linux kernel vulnerability CVE-2023-3090?
To fix the CVE-2023-3090 vulnerability, update the Linux kernel to version 5.4.0-1018.19 or later.
What is the Ubuntu version affected by CVE-2023-3090?
Ubuntu 20.04 is affected by CVE-2023-3090.
Where can I find more information about CVE-2023-3090?
You can find more information about CVE-2023-3090 on the Ubuntu security website.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-6248-1
- anchor-related/USN-6250-1
- anchor-related/USN-6251-1
- anchor-related/USN-6260-1
- anchor-related/USN-6285-1
- anchor-related/USN-6246-1
- anchor-related/USN-6252-1
- anchor-related/USN-6254-1
- anchor-related/USN-6255-1
- anchor-related/USN-6385-1
- anchor-related/USN-6231-1
- anchor-related/USN-6247-1
- anchor-related/USN-6460-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04