Test ID:	1.3.6.1.4.1.25623.1.1.12.2023.5884.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5884-1)
Summary:	The remote host is missing an update for the 'linux-aws' package(s) announced via the USN-5884-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-aws' package(s) announced via the USN-5884-1 advisory. Vulnerability Insight: Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20566) Duoming Zhou discovered that a race condition existed in the SLIP driver in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2022-41858) Tamas Koczka discovered that the Bluetooth L2CAP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-42895) Jose Oliveira and Rodrigo Branco discovered that the prctl syscall implementation in the Linux kernel did not properly protect against indirect branch prediction attacks in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2023-0045) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access could plug in a malicious USB device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-23559) Affected Software/OS: 'linux-aws' package(s) on Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-4155 https://access.redhat.com/security/cve/CVE-2021-4155 https://bugzilla.redhat.com/show_bug.cgi?id=2034813 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79 https://security-tracker.debian.org/tracker/CVE-2021-4155 https://www.openwall.com/lists/oss-security/2022/01/10/1 Common Vulnerability Exposure (CVE) ID: CVE-2022-20566 https://source.android.com/security/bulletin/pixel/2022-12-01 Common Vulnerability Exposure (CVE) ID: CVE-2022-41858 https://github.com/torvalds/linux/commit/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 Common Vulnerability Exposure (CVE) ID: CVE-2022-42895 https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e Common Vulnerability Exposure (CVE) ID: CVE-2023-0045 https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2023-23559 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.