USN-6465-3: Linux kernel (GKE) vulnerabilities
First published: Fri Nov 10 2023(Updated: )
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083) Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-5.15.0-1046-gke | <5.15.0-1046.51 | 5.15.0-1046.51 |
| =22.04 | ||
| All of | ||
| ubuntu/linux-image-gke | <5.15.0.1046.45 | 5.15.0.1046.45 |
| =22.04 | ||
| All of | ||
| ubuntu/linux-image-gke-5.15 | <5.15.0.1046.45 | 5.15.0.1046.45 |
| =22.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2023-3772
- https://ubuntu.com/security/CVE-2023-31083
- https://ubuntu.com/security/notices/USN-6415-1
- https://ubuntu.com/security/notices/USN-6439-1
- https://ubuntu.com/security/notices/USN-6440-1
- https://ubuntu.com/security/notices/USN-6440-2
- https://ubuntu.com/security/notices/USN-6439-2
- https://ubuntu.com/security/notices/USN-6440-3
- https://ubuntu.com/security/notices/USN-6462-1
- https://ubuntu.com/security/notices/USN-6464-1
- https://ubuntu.com/security/notices/USN-6465-1
- https://ubuntu.com/security/notices/USN-6466-1
- https://ubuntu.com/security/notices/USN-6465-2
- https://ubuntu.com/security/notices/USN-6462-2
- https://ubuntu.com/security/notices/USN-6516-1
- https://ubuntu.com/security/notices/USN-6520-1
- https://launchpad.net/ubuntu/+source/linux-signed-gke/5.15.0-1046.51
- https://launchpad.net/ubuntu/+source/linux-meta-gke/5.15.0.1046.45
- https://ubuntu.com/security/notices/USN-6465-3 (Advisory)
Frequently Asked Questions
What is the severity of USN-6465-3?
The severity of USN-6465-3 is medium.
How can an attacker exploit CVE-2023-31083?
A local attacker can exploit CVE-2023-31083 to cause a denial of service (system crash) by exploiting a race condition in the Bluetooth HCI UART driver.
What is the remedy for Linux kernel vulnerabilities on Ubuntu 22.04?
To fix the Linux kernel vulnerabilities on Ubuntu 22.04, update the 'linux-image-5.15.0-1046-gke' package to version 5.15.0-1046.51.
What are the references for USN-6465-3?
The references for USN-6465-3 are: https://ubuntu.com/security/CVE-2023-3772, https://ubuntu.com/security/CVE-2023-31083, and https://ubuntu.com/security/notices/USN-6415-1.
Which CWE IDs are associated with USN-6465-3?
The CWE IDs associated with USN-6465-3 are CWE-476 and CWE-362.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/usn
- source/Ubuntu
- anchor-related/USN-6415-1
- anchor-related/USN-6439-1
- anchor-related/USN-6440-1
- anchor-related/USN-6440-2
- anchor-related/USN-6439-2
- anchor-related/USN-6440-3
- anchor-related/USN-6462-1
- anchor-related/USN-6464-1
- anchor-related/USN-6465-1
- anchor-related/USN-6466-1
- anchor-related/USN-6465-2
- anchor-related/USN-6462-2
- anchor-related/USN-6516-1
- anchor-related/USN-6520-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/22.04