English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2023.6223.1
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-6223-1)
Summary:The remote host is missing an update for the 'linux-azure-fde' package(s) announced via the USN-6223-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-azure-fde' package(s) announced via the USN-6223-1 advisory.

Vulnerability Insight:
It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)

It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)

It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a denial of service (system crash). (CVE-2023-1079)

It was discovered that the Xircom PCMCIA network device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2023-1670)

It was discovered that a race condition existed in the Xen transport layer
implementation for the 9P file system protocol in the Linux kernel, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (guest crash) or expose sensitive information (guest
kernel memory). (CVE-2023-1859)

Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)

It was discovered that the BigBen Interactive Kids' gamepad driver in the
Linux kernel did not properly handle device removal, leading to a use-
after-free vulnerability. A local attacker with physical access could plug
in a specially crafted USB device to cause a denial of service (system
crash). (CVE-2023-25012)

It was discovered that a use-after-free vulnerability existed in the HFS+
file system implementation in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-2985)

Hangyu Hua discovered that the Flower classifier implementation in the
Linux kernel contained an out-of-bounds write vulnerability. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-35788, LP: #2023577)

It was discovered that for some Intel processors the INVLPG instruction
implementation did not properly flush global TLB entries when PCIDs are
enabled. An attacker could use this to expose sensitive information
(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)

Affected Software/OS:
'linux-azure-fde' package(s) on Ubuntu 22.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-1076
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cff
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a096ccca6e503a5c575717ff8a36ace27510ab0a
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-1077
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-1079
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-1670
https://lore.kernel.org/all/20230316161526.1568982-1-zyytlz.wz@163.com/
Common Vulnerability Exposure (CVE) ID: CVE-2023-1859
https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz@163.com/
Common Vulnerability Exposure (CVE) ID: CVE-2023-1998
https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx
https://github.com/torvalds/linux/commit/6921ed9049bc7457f66c1596c5b78aec0dae4a9d
https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
Common Vulnerability Exposure (CVE) ID: CVE-2023-25012
https://bugzilla.suse.com/show_bug.cgi?id=1207560
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d2a2fd844ec7da70d19fabb482304fd1e0595b
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=76ca8da989c7d97a7f76c75d475fe95a584439d7
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9fefb6201c4f8dd9f58c581b2a66e5cde2895ea2
https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
https://seclists.org/oss-sec/2023/q1/53
http://www.openwall.com/lists/oss-security/2023/02/02/1
http://www.openwall.com/lists/oss-security/2023/11/05/1
Common Vulnerability Exposure (CVE) ID: CVE-2023-2985
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07db5e247ab5858439b14dd7cc1fe538b9efcf32
Common Vulnerability Exposure (CVE) ID: CVE-2023-35788
Debian Security Information: DSA-5448 (Google Search)
https://www.debian.org/security/2023/dsa-5448
Debian Security Information: DSA-5480 (Google Search)
https://www.debian.org/security/2023/dsa-5480
http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7
https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c
https://www.openwall.com/lists/oss-security/2023/06/07/1
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
http://www.openwall.com/lists/oss-security/2023/06/17/1
CopyrightCopyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.