Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6536-1)

critical Nessus Plugin ID 186614

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6536-1 advisory.

- A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (CVE-2023-39189)

- A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. (CVE-2023-42754)

- The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. (CVE-2023-45898)

- A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.
(CVE-2023-5158)

- A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem. (CVE-2023-5178)

- A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. (CVE-2023-5717)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

See Also

https://ubuntu.com/security/notices/USN-6536-1

Plugin Details

Severity: Critical

ID: 186614

File Name: ubuntu_USN-6536-1.nasl

Version: 1.3

Type: local

Agent: unix

Published: 12/6/2023

Updated: 1/17/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-5178

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:22.04:-:lts, cpe:/o:canonical:ubuntu_linux:23.10, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.5.0-1005-starfive, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.5.0-1007-laptop, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.5.0-1008-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.5.0-1009-azure, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.5.0-1009-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.5.0-1009-oem, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.5.0-1011-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.5.0-1013-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.5.0-14-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-image-6.5.0-14-lowlatency-64k

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/6/2023

Vulnerability Publication Date: 9/25/2023

Reference Information

CVE: CVE-2023-39189, CVE-2023-42754, CVE-2023-45898, CVE-2023-5158, CVE-2023-5178, CVE-2023-5717

USN: 6536-1