What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is USN-6388-1.

What is the severity of vulnerability USN-6388-1?

The severity of vulnerability USN-6388-1 is not specified in the provided information.

What software versions are affected by vulnerability USN-6388-1?

Vulnerability USN-6388-1 affects Ubuntu 16.04 (linux-image-4.4.0-1124-kvm, linux-image-4.4.0-1161-aws, linux-image-4.4.0-245-generic, linux-image-4.4.0-245-lowlatency, linux-image-aws, linux-image-generic, linux-image-generic-lts-xenial, linux-image-kvm, linux-image-lowlatency, linux-image-lowlatency-lts-xenial, linux-image-virtual, linux-image-virtual-lts-xenial) and Ubuntu 14.04 (linux-image-4.4.0-1123-aws, linux-image-4.4.0-245-generic, linux-image-4.4.0-245-lowlatency, linux-image-aws, linux-image-generic-lts-xenial, linux-image-lowlatency-lts-xenial, linux-image-virtual-lts-xenial).

How can I fix vulnerability USN-6388-1?

To fix vulnerability USN-6388-1, update the affected Ubuntu packages to the specified remediation versions (e.g., linux-image-4.4.0-1124.134 for Ubuntu 16.04).

Where can I find more information about vulnerability USN-6388-1?

You can find more information about vulnerability USN-6388-1 in the Ubuntu Security Notices at the provided reference links.

Vulnerability/
USN-6388-1

CWE

416 476 362

19/9/2023

USN-6388-1: Linux kernel vulnerabilities

First published: Tue Sep 19 2023(Updated: )

Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service (system crash). (CVE-2023-3212) It was discovered that the NET/ROM protocol implementation in the Linux kernel contained a race condition in some situations, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32269) It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3863) It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-40283) It was discovered that some network classifier implementations in the Linux kernel contained use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4128) It was discovered that the JFS file system implementation in the Linux kernel did not properly validate memory allocations in certain situations, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious JFS image that, when mounted, could cause a denial of service (system crash). (CVE-2023-4385) It was discovered that the VMware VMXNET3 ethernet driver in the Linux kernel contained a use-after-free vulnerability in certain situations. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4387) It was discovered that the VMware VMXNET3 ethernet driver in the Linux kernel did not properly handle errors in certain situations, leading to a null pointer dereference vulnerability. A local attacker in a guest VM could use this to cause a denial of service (system crash). (CVE-2023-4459)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-4.4.0-1124-kvm	<4.4.0-1124.134	4.4.0-1124.134
	=16.04
All of
ubuntu/linux-image-4.4.0-1161-aws	<4.4.0-1161.176	4.4.0-1161.176
	=16.04
All of
ubuntu/linux-image-4.4.0-245-generic	<4.4.0-245.279	4.4.0-245.279
	=16.04
All of
ubuntu/linux-image-4.4.0-245-lowlatency	<4.4.0-245.279	4.4.0-245.279
	=16.04
All of
ubuntu/linux-image-aws	<4.4.0.1161.165	4.4.0.1161.165
	=16.04
All of
ubuntu/linux-image-generic	<4.4.0.245.251	4.4.0.245.251
	=16.04
All of
ubuntu/linux-image-generic-lts-xenial	<4.4.0.245.251	4.4.0.245.251
	=16.04
All of
ubuntu/linux-image-kvm	<4.4.0.1124.121	4.4.0.1124.121
	=16.04
All of
ubuntu/linux-image-lowlatency	<4.4.0.245.251	4.4.0.245.251
	=16.04
All of
ubuntu/linux-image-lowlatency-lts-xenial	<4.4.0.245.251	4.4.0.245.251
	=16.04
All of
ubuntu/linux-image-virtual	<4.4.0.245.251	4.4.0.245.251
	=16.04
All of
ubuntu/linux-image-virtual-lts-xenial	<4.4.0.245.251	4.4.0.245.251
	=16.04
All of
ubuntu/linux-image-4.4.0-1123-aws	<4.4.0-1123.129	4.4.0-1123.129
	=14.04
All of
ubuntu/linux-image-4.4.0-245-generic	<4.4.0-245.279~14.04.1	4.4.0-245.279~14.04.1
	=14.04
All of
ubuntu/linux-image-4.4.0-245-lowlatency	<4.4.0-245.279~14.04.1	4.4.0-245.279~14.04.1
	=14.04
All of
ubuntu/linux-image-aws	<4.4.0.1123.120	4.4.0.1123.120
	=14.04
All of
ubuntu/linux-image-generic-lts-xenial	<4.4.0.245.213	4.4.0.245.213
	=14.04
All of
ubuntu/linux-image-lowlatency-lts-xenial	<4.4.0.245.213	4.4.0.245.213
	=14.04
All of
ubuntu/linux-image-virtual-lts-xenial	<4.4.0.245.213	4.4.0.245.213
	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-6388-1.
What is the severity of vulnerability USN-6388-1?
The severity of vulnerability USN-6388-1 is not specified in the provided information.
What software versions are affected by vulnerability USN-6388-1?
Vulnerability USN-6388-1 affects Ubuntu 16.04 (linux-image-4.4.0-1124-kvm, linux-image-4.4.0-1161-aws, linux-image-4.4.0-245-generic, linux-image-4.4.0-245-lowlatency, linux-image-aws, linux-image-generic, linux-image-generic-lts-xenial, linux-image-kvm, linux-image-lowlatency, linux-image-lowlatency-lts-xenial, linux-image-virtual, linux-image-virtual-lts-xenial) and Ubuntu 14.04 (linux-image-4.4.0-1123-aws, linux-image-4.4.0-245-generic, linux-image-4.4.0-245-lowlatency, linux-image-aws, linux-image-generic-lts-xenial, linux-image-lowlatency-lts-xenial, linux-image-virtual-lts-xenial).
How can I fix vulnerability USN-6388-1?
To fix vulnerability USN-6388-1, update the affected Ubuntu packages to the specified remediation versions (e.g., linux-image-4.4.0-1124.134 for Ubuntu 16.04).
Where can I find more information about vulnerability USN-6388-1?
You can find more information about vulnerability USN-6388-1 in the Ubuntu Security Notices at the provided reference links.

agent/type
agent/severity
agent/references
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/title
agent/weakness
agent/description
agent/event
agent/tags
agent/trending
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/16.04
version/ubuntu ubuntu/14.04