Detections
Analytics

Ubuntu 23.04 : Linux kernel vulnerabilities (USN-6283-1)

high Nessus Plugin ID 179705

Language:

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6283-1 advisory.

 - A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. (CVE-2023-2002)

 - A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub- component. (CVE-2023-2269)

 - A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. (CVE-2023-3141)

 - A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. (CVE-2023-32248)

 - A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. (CVE-2023-32254)

 - An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. (CVE-2023-3268)

 - A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel.
 This flaw, during device unbind will lead to double release problem leading to denial of service.
 (CVE-2023-3312)

 - A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel.
 This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem. (CVE-2023-3317)

 - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. (CVE-2023-35823)

 - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. (CVE-2023-35824)

 - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. (CVE-2023-35826)

 - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. (CVE-2023-35828)

 - An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. (CVE-2023-35829)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://ubuntu.com/security/notices/USN-6283-1

Plugin Details

Severity: High

ID: 179705

File Name: ubuntu_USN-6283-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 8/11/2023

Updated: 1/9/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-32254

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-6.2.0-1010-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.2.0-27-generic-64k, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.2.0-27-generic-lpae, cpe:/o:canonical:ubuntu_linux:23.04, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.2.0-1009-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.2.0-27-generic, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.2.0-1009-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.2.0-1007-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.2.0-1009-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.2.0-1011-gcp

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/11/2023

Vulnerability Publication Date: 4/25/2023

Reference Information

CVE: CVE-2023-2002, CVE-2023-2269, CVE-2023-3141, CVE-2023-32248, CVE-2023-32254, CVE-2023-3268, CVE-2023-3312, CVE-2023-3317, CVE-2023-35823, CVE-2023-35824, CVE-2023-35826, CVE-2023-35828, CVE-2023-35829

USN: 6283-1