What is the vulnerability ID of this Linux kernel vulnerability?

The vulnerability ID of this Linux kernel vulnerability is CVE-2023-31085.

What is the severity of CVE-2023-31085?

The severity of CVE-2023-31085 is not mentioned in the provided information.

How can a local privileged attacker exploit CVE-2023-31085?

A local privileged attacker can exploit CVE-2023-31085 to cause a denial of service (system crash).

Which versions of Linux kernel are affected by this vulnerability?

The affected versions of Linux kernel are not mentioned in the provided information.

Where can I find more information about this Linux kernel vulnerability?

You can find more information about this Linux kernel vulnerability on the Ubuntu security advisory website using the provided references.

Vulnerability/
USN-6503-1

CWE

416 362

21/11/2023

USN-6503-1: Linux kernel vulnerabilities

First published: Tue Nov 21 2023(Updated: )

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Bien Pham discovered that the netfiler subsystem in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4244) Maxim Levitsky discovered that the KVM nested virtualization (SVM) implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service (host kernel crash). (CVE-2023-5090) It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5345) Murray McAllister discovered that the VMware Virtual GPU DRM driver in the Linux kernel did not properly handle memory objects when storing surfaces, leading to a use-after-free vulnerability. A local attacker in a guest VM could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5633)

Affected Software	Affected Version	How to fix
All of
ubuntu/linux-image-6.5.0-1004-starfive	<6.5.0-1004.5	6.5.0-1004.5
	=23.10
All of
ubuntu/linux-image-6.5.0-1006-laptop	<6.5.0-1006.9	6.5.0-1006.9
	=23.10
All of
ubuntu/linux-image-6.5.0-1007-raspi	<6.5.0-1007.9	6.5.0-1007.9
	=23.10
All of
ubuntu/linux-image-6.5.0-1010-aws	<6.5.0-1010.10	6.5.0-1010.10
	=23.10
All of
ubuntu/linux-image-6.5.0-1012-oracle	<6.5.0-1012.12	6.5.0-1012.12
	=23.10
All of
ubuntu/linux-image-6.5.0-13-generic	<6.5.0-13.13	6.5.0-13.13
	=23.10
All of
ubuntu/linux-image-6.5.0-13-generic-64k	<6.5.0-13.13	6.5.0-13.13
	=23.10
All of
ubuntu/linux-image-6.5.0-13-lowlatency	<6.5.0-13.13.1	6.5.0-13.13.1
	=23.10
All of
ubuntu/linux-image-6.5.0-13-lowlatency-64k	<6.5.0-13.13.1	6.5.0-13.13.1
	=23.10
All of
ubuntu/linux-image-aws	<6.5.0.1010.10	6.5.0.1010.10
	=23.10
All of
ubuntu/linux-image-generic	<6.5.0.13.15	6.5.0.13.15
	=23.10
All of
ubuntu/linux-image-generic-64k	<6.5.0.13.15	6.5.0.13.15
	=23.10
All of
ubuntu/linux-image-generic-lpae	<6.5.0.13.15	6.5.0.13.15
	=23.10
All of
ubuntu/linux-image-kvm	<6.5.0.13.15	6.5.0.13.15
	=23.10
All of
ubuntu/linux-image-laptop-23.10	<6.5.0.1006.9	6.5.0.1006.9
	=23.10
All of
ubuntu/linux-image-lowlatency	<6.5.0.13.13.11	6.5.0.13.13.11
	=23.10
All of
ubuntu/linux-image-lowlatency-64k	<6.5.0.13.13.11	6.5.0.13.13.11
	=23.10
All of
ubuntu/linux-image-oracle	<6.5.0.1012.12	6.5.0.1012.12
	=23.10
All of
ubuntu/linux-image-raspi	<6.5.0.1007.8	6.5.0.1007.8
	=23.10
All of
ubuntu/linux-image-raspi-nolpae	<6.5.0.1007.8	6.5.0.1007.8
	=23.10
All of
ubuntu/linux-image-starfive	<6.5.0.1004.6	6.5.0.1004.6
	=23.10
All of
ubuntu/linux-image-virtual	<6.5.0.13.15	6.5.0.13.15
	=23.10
All of
ubuntu/linux-image-6.5.0-1008-oem	<6.5.0-1008.8	6.5.0-1008.8
	=22.04
All of
ubuntu/linux-image-oem-22.04d	<6.5.0.1008.10	6.5.0.1008.10
	=22.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID of this Linux kernel vulnerability?
The vulnerability ID of this Linux kernel vulnerability is CVE-2023-31085.
What is the severity of CVE-2023-31085?
The severity of CVE-2023-31085 is not mentioned in the provided information.
How can a local privileged attacker exploit CVE-2023-31085?
A local privileged attacker can exploit CVE-2023-31085 to cause a denial of service (system crash).
Which versions of Linux kernel are affected by this vulnerability?
The affected versions of Linux kernel are not mentioned in the provided information.
Where can I find more information about this Linux kernel vulnerability?
You can find more information about this Linux kernel vulnerability on the Ubuntu security advisory website using the provided references.

agent/severity
agent/weakness
agent/type
agent/first-publish-date
agent/last-modified-date
agent/title
agent/description
agent/softwarecombine
agent/event
agent/references
agent/tags
agent/trending
collector/usn
source/Ubuntu
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/23.10
version/ubuntu ubuntu/22.04