English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2023.6024.1
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-6024-1)
Summary:The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi' package(s) announced via the USN-6024-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi' package(s) announced via the USN-6024-1 advisory.

Vulnerability Insight:
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)

Lin Ma discovered a race condition in the io_uring subsystem in the Linux
kernel, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-0468)

It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41218)

It was discovered that the network queuing discipline implementation in the
Linux kernel contained a null pointer dereference in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2022-47929)

Thadeu Cascardo discovered that the io_uring subsystem contained a double-
free vulnerability in certain memory allocation error conditions. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2023-1032)

It was discovered that the module decompression implementation in the Linux
kernel did not properly handle return values in certain error conditions. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-22997)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel
did not properly handle certain sysctl allocation failure conditions,
leading to a double-free vulnerability. An attacker could use this to cause
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly handle a loop termination condition, leading to an
out-of-bounds read vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-26606)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-28328)

Affected Software/OS:
'linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi' package(s) on Ubuntu 22.04, Ubuntu 22.10.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2022-3424
https://bugzilla.redhat.com/show_bug.cgi?id=2132640
https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz@163.com/
https://www.spinics.net/lists/kernel/msg4518970.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-41218
Debian Security Information: DSA-5324 (Google Search)
https://www.debian.org/security/2023/dsa-5324
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fd3d91ab1c6ab0628fe642dd570b56302c30a792
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/dvb-core/dmxdev.c
https://lore.kernel.org/all/20220908132754.30532-1-tiwai@suse.de/
https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html
http://www.openwall.com/lists/oss-security/2022/09/23/4
http://www.openwall.com/lists/oss-security/2022/09/24/2
http://www.openwall.com/lists/oss-security/2022/09/24/1
Common Vulnerability Exposure (CVE) ID: CVE-2022-47929
https://tldp.org/HOWTO/Traffic-Control-HOWTO/components.html
https://www.spinics.net/lists/netdev/msg555705.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-0468
https://bugzilla.redhat.com/show_bug.cgi?id=2164024
Common Vulnerability Exposure (CVE) ID: CVE-2023-1032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032
https://ubuntu.com/security/notices/USN-5977-1
https://ubuntu.com/security/notices/USN-6024-1
https://ubuntu.com/security/notices/USN-6033-1
https://www.openwall.com/lists/oss-security/2023/03/13/2
Common Vulnerability Exposure (CVE) ID: CVE-2023-1281
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2
https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
http://www.openwall.com/lists/oss-security/2023/04/11/3
Common Vulnerability Exposure (CVE) ID: CVE-2023-22997
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2
https://github.com/torvalds/linux/commit/45af1d7aae7d5520d2858f8517a1342646f015db
Common Vulnerability Exposure (CVE) ID: CVE-2023-26545
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377
https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377
Common Vulnerability Exposure (CVE) ID: CVE-2023-26606
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=557d19675a470bb0a98beccec38c5dc3735c20fa
https://lkml.org/lkml/2023/2/20/860
Common Vulnerability Exposure (CVE) ID: CVE-2023-28328
https://bugzilla.redhat.com/show_bug.cgi?id=2177389
CopyrightCopyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.