What is the severity of CVE-2023-5090?

The severity of CVE-2023-5090 is not specified in the information provided.

How can an attacker exploit CVE-2023-5090?

An attacker in a guest VM could exploit CVE-2023-5090 to cause a denial of service by crashing the host kernel.

Which Linux kernel versions are affected by CVE-2023-5090?

Linux kernel versions 6.1.0-1026.26 and up to exclusive version 6.1.0-1026.27 are affected by CVE-2023-5090.

How can I fix CVE-2023-5090 on Ubuntu 22.04?

To fix CVE-2023-5090 on Ubuntu 22.04, ensure that you have the correct version of the Linux kernel packages installed: linux-image-6.1.0-1026-oem version 6.1.0-1026.26 or linux-image-oem-22.04 version 6.1.0.1026.27.

Where can I find more information about CVE-2023-5090?

You can find more information about CVE-2023-5090 at the following references: [CVE-2023-5090](https://ubuntu.com/security/CVE-2023-5090).

Vulnerability/
USN-6497-1

CWE

416

21/11/2023

USN-6497-1: Linux kernel (OEM) vulnerabilities

First published: Tue Nov 21 2023(Updated: )

Maxim Levitsky discovered that the KVM nested virtualization (SVM) implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service (host kernel crash). (CVE-2023-5090) Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5178) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-6.1.0-1026-oem	<6.1.0-1026.26	6.1.0-1026.26
Ubuntu Ubuntu	=22.04
All of
ubuntu/linux-image-oem-22.04	<6.1.0.1026.27	6.1.0.1026.27
Ubuntu Ubuntu	=22.04
All of
ubuntu/linux-image-oem-22.04a	<6.1.0.1026.27	6.1.0.1026.27
Ubuntu Ubuntu	=22.04
All of
ubuntu/linux-image-oem-22.04c	<6.1.0.1026.27	6.1.0.1026.27
Ubuntu Ubuntu	=22.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2023-5090?
The severity of CVE-2023-5090 is not specified in the information provided.
How can an attacker exploit CVE-2023-5090?
An attacker in a guest VM could exploit CVE-2023-5090 to cause a denial of service by crashing the host kernel.
Which Linux kernel versions are affected by CVE-2023-5090?
Linux kernel versions 6.1.0-1026.26 and up to exclusive version 6.1.0-1026.27 are affected by CVE-2023-5090.
How can I fix CVE-2023-5090 on Ubuntu 22.04?
To fix CVE-2023-5090 on Ubuntu 22.04, ensure that you have the correct version of the Linux kernel packages installed: linux-image-6.1.0-1026-oem version 6.1.0-1026.26 or linux-image-oem-22.04 version 6.1.0.1026.27.
Where can I find more information about CVE-2023-5090?
You can find more information about CVE-2023-5090 at the following references: [CVE-2023-5090](https://ubuntu.com/security/CVE-2023-5090).

agent/severity
agent/type
agent/last-modified-date
agent/first-publish-date
agent/title
agent/weakness
agent/description
agent/event
agent/softwarecombine
agent/references
agent/tags
agent/trending
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/22.04