USN-6460-1: Linux kernel vulnerabilities
First published: Mon Oct 30 2023(Updated: )
It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service (excessive CPU consumption). (CVE-2023-1206) It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1380) Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) Tanguy Dubroca discovered that the netfilter subsystem in the Linux kernel did not properly handle certain pointer data type, leading to an out-of- bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35001) Kyle Zeng discovered that the networking stack implementation in the Linux kernel did not properly validate skb object size in certain conditions. An attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-42752) Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash). Please note that kernel packet classifier support for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755) Budimir Markovic discovered that the qdisc implementation in the Linux kernel did not properly validate inner classes, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4623)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-3.13.0-194-generic | <3.13.0-194.245 | 3.13.0-194.245 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-3.13.0-194-lowlatency | <3.13.0-194.245 | 3.13.0-194.245 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-generic | <3.13.0.194.204 | 3.13.0.194.204 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-generic-lts-trusty | <3.13.0.194.204 | 3.13.0.194.204 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-lowlatency | <3.13.0.194.204 | 3.13.0.194.204 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-server | <3.13.0.194.204 | 3.13.0.194.204 |
| =14.04 | ||
| All of | ||
| ubuntu/linux-image-virtual | <3.13.0.194.204 | 3.13.0.194.204 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-42755
- https://ubuntu.com/security/CVE-2023-1380
- https://ubuntu.com/security/CVE-2023-42752
- https://ubuntu.com/security/CVE-2023-35001
- https://ubuntu.com/security/CVE-2023-1206
- https://ubuntu.com/security/CVE-2023-4623
- https://ubuntu.com/security/CVE-2023-31436
- https://ubuntu.com/security/notices/USN-6439-1
- https://ubuntu.com/security/notices/USN-6440-1
- https://ubuntu.com/security/notices/USN-6441-1
- https://ubuntu.com/security/notices/USN-6442-1
- https://ubuntu.com/security/notices/USN-6443-1
- https://ubuntu.com/security/notices/USN-6444-1
- https://ubuntu.com/security/notices/USN-6445-1
- https://ubuntu.com/security/notices/USN-6446-1
- https://ubuntu.com/security/notices/USN-6440-2
- https://ubuntu.com/security/notices/USN-6439-2
- https://ubuntu.com/security/notices/USN-6441-2
- https://ubuntu.com/security/notices/USN-6444-2
- https://ubuntu.com/security/notices/USN-6445-2
- https://ubuntu.com/security/notices/USN-6446-2
- https://ubuntu.com/security/notices/USN-6440-3
- https://ubuntu.com/security/notices/USN-6446-3
- https://ubuntu.com/security/notices/USN-6441-3
- https://ubuntu.com/security/notices/USN-6466-1
- https://ubuntu.com/security/notices/USN-6127-1
- https://ubuntu.com/security/notices/USN-6130-1
- https://ubuntu.com/security/notices/USN-6131-1
- https://ubuntu.com/security/notices/USN-6132-1
- https://ubuntu.com/security/notices/USN-6135-1
- https://ubuntu.com/security/notices/USN-6149-1
- https://ubuntu.com/security/notices/USN-6150-1
- https://ubuntu.com/security/notices/USN-6162-1
- https://ubuntu.com/security/notices/USN-6173-1
- https://ubuntu.com/security/notices/USN-6175-1
- https://ubuntu.com/security/notices/LSN-0095-1
- https://ubuntu.com/security/notices/USN-6186-1
- https://ubuntu.com/security/notices/USN-6222-1
- https://ubuntu.com/security/notices/LSN-0096-1
- https://ubuntu.com/security/notices/USN-6256-1
- https://ubuntu.com/security/notices/USN-6385-1
- https://ubuntu.com/security/notices/LSN-0099-1
- https://ubuntu.com/security/notices/USN-6246-1
- https://ubuntu.com/security/notices/USN-6247-1
- https://ubuntu.com/security/notices/USN-6248-1
- https://ubuntu.com/security/notices/USN-6250-1
- https://ubuntu.com/security/notices/USN-6251-1
- https://ubuntu.com/security/notices/USN-6252-1
- https://ubuntu.com/security/notices/USN-6254-1
- https://ubuntu.com/security/notices/USN-6255-1
- https://ubuntu.com/security/notices/USN-6260-1
- https://ubuntu.com/security/notices/USN-6261-1
- https://ubuntu.com/security/notices/USN-6285-1
- https://ubuntu.com/security/notices/LSN-0097-1
- https://ubuntu.com/security/notices/USN-6343-1
- https://ubuntu.com/security/notices/USN-6412-1
- https://ubuntu.com/security/notices/USN-6416-1
- https://ubuntu.com/security/notices/USN-6417-1
- https://ubuntu.com/security/notices/USN-6416-2
- https://ubuntu.com/security/notices/USN-6416-3
- https://ubuntu.com/security/notices/USN-6415-1
- https://ubuntu.com/security/notices/USN-6460-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for Linux kernel vulnerabilities?
The vulnerability ID for Linux kernel vulnerabilities is USN-6460-1.
What is the severity of USN-6460-1?
The severity of USN-6460-1 is not specified.
What is the affected software for USN-6460-1?
The affected software for USN-6460-1 is Ubuntu 14.04 with Linux kernel version 3.13.0-194.245.
How can I fix USN-6460-1?
To fix USN-6460-1, update the Linux kernel to version 3.13.0-194.245 or later.
Where can I find more information about USN-6460-1?
You can find more information about USN-6460-1 on the Ubuntu security website.
- agent/references
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/title
- agent/event
- agent/weakness
- agent/description
- agent/tags
- agent/trending
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/14.04