First published: Tue Aug 29 2023(Updated: )
Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3777) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3995) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-4004) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle bound chain deactivation in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-4015)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-6.1.0-1020-oem | <6.1.0-1020.20 | 6.1.0-1020.20 |
=22.04 | ||
All of | ||
ubuntu/linux-image-oem-22.04c | <6.1.0.1020.20 | 6.1.0.1020.20 |
=22.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Contains the following vulnerabilities)
The vulnerability ID for this security advisory is USN-6316-1.
The severity of CVE-2022-40982 is not specified in the security advisory.
A local unprivileged user can exploit CVE-2022-40982 to obtain sensitive information.
The remedy for the vulnerability in Ubuntu version 22.04 is to update to linux-image-oem-22.04c version 6.1.0.1020.20.
The Common Weakness Enumeration (CWE) ID for this vulnerability is 416.