What is the vulnerability ID?

The vulnerability ID is USN-6386-2.

What is the affected software?

The affected software is Ubuntu Ubuntu 22.04 with Linux kernel version 5.15.0-1038.41 (linux-image-5.15.0-1038-raspi), version 5.15.0.1038.36 (linux-image-raspi), and version 5.15.0.1038.36 (linux-image-raspi-nolpae).

What is the severity of the vulnerability?

The severity of the vulnerability is not mentioned in the description.

How can the vulnerability be exploited?

The vulnerability can be exploited by a local attacker to leak stale data from division operations and potentially expose sensitive information.

How do I fix the vulnerability?

To fix the vulnerability, update the Linux kernel to version 5.15.0-1038.41 (linux-image-5.15.0-1038-raspi), 5.15.0.1038.36 (linux-image-raspi), or 5.15.0.1038.36 (linux-image-raspi-nolpae) using the Ubuntu package manager.

Vulnerability/
USN-6386-2

CWE

416

29/9/2023

USN-6386-2: Linux kernel (Raspberry Pi) vulnerabilities

First published: Fri Sep 29 2023(Updated: )

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-20588) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-4569)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-5.15.0-1038-raspi	<5.15.0-1038.41	5.15.0-1038.41
	=22.04
All of
ubuntu/linux-image-raspi	<5.15.0.1038.36	5.15.0.1038.36
	=22.04
All of
ubuntu/linux-image-raspi-nolpae	<5.15.0.1038.36	5.15.0.1038.36
	=22.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is USN-6386-2.
What is the affected software?
The affected software is Ubuntu Ubuntu 22.04 with Linux kernel version 5.15.0-1038.41 (linux-image-5.15.0-1038-raspi), version 5.15.0.1038.36 (linux-image-raspi), and version 5.15.0.1038.36 (linux-image-raspi-nolpae).
What is the severity of the vulnerability?
The severity of the vulnerability is not mentioned in the description.
How can the vulnerability be exploited?
The vulnerability can be exploited by a local attacker to leak stale data from division operations and potentially expose sensitive information.
How do I fix the vulnerability?
To fix the vulnerability, update the Linux kernel to version 5.15.0-1038.41 (linux-image-5.15.0-1038-raspi), 5.15.0.1038.36 (linux-image-raspi), or 5.15.0.1038.36 (linux-image-raspi-nolpae) using the Ubuntu package manager.

agent/severity
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/title
agent/event
agent/description
agent/weakness
agent/references
agent/tags
agent/trending
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/22.04