English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2023.6340.1
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-6340-1)
Summary:The remote host is missing an update for the 'linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4' package(s) announced via the USN-6340-1 advisory.
Description:Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4' package(s) announced via the USN-6340-1 advisory.

Vulnerability Insight:
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did
not properly perform permissions checks when handling HCI sockets. A
physically proximate attacker could use this to cause a denial of service
(bluetooth communication). (CVE-2023-2002)

Zi Fan Tan discovered that the binder IPC implementation in the Linux
kernel contained a use-after-free vulnerability. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-21255)

Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski
discovered that the BPF verifier in the Linux kernel did not properly mark
registers for precision tracking in certain situations, leading to an out-
of-bounds access vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-2163)

Zheng Zhang discovered that the device-mapper implementation in the Linux
kernel did not properly handle locking during table_clear() operations. A
local attacker could use this to cause a denial of service (kernel
deadlock). (CVE-2023-2269)

It was discovered that the DVB Core driver in the Linux kernel did not
properly handle locking events in certain situations. A local attacker
could use this to cause a denial of service (kernel deadlock).
(CVE-2023-31084)

It was discovered that the kernel->user space relay implementation in the
Linux kernel did not properly perform certain buffer calculations, leading
to an out-of-bounds read vulnerability. A local attacker could use this to
cause a denial of service (system crash) or expose sensitive information
(kernel memory). (CVE-2023-3268)

It was discovered that the video4linux driver for Philips based TV cards in
the Linux kernel contained a race condition during device removal, leading
to a use-after-free vulnerability. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-35823)

It was discovered that the SDMC DM1105 PCI device driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-35824)

It was discovered that the Renesas USB controller driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A privileged attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-35828)

Affected Software/OS:
'linux, linux-aws, linux-aws-5.4, linux-gcp, linux-hwe-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4' package(s) on Ubuntu 18.04, Ubuntu 20.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-2002
Debian Security Information: DSA-5480 (Google Search)
https://www.debian.org/security/2023/dsa-5480
https://www.openwall.com/lists/oss-security/2023/04/16/3
https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-21255
https://android.googlesource.com/kernel/common/+/1ca1130ec62d
https://source.android.com/security/bulletin/2023-07-01
Common Vulnerability Exposure (CVE) ID: CVE-2023-2163
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed
Common Vulnerability Exposure (CVE) ID: CVE-2023-2269
Debian Security Information: DSA-5448 (Google Search)
https://www.debian.org/security/2023/dsa-5448
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63AJUCJTZCII2JMAF7MGZEM66KY7IALT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXHBLWYNSUBS77TYPOJTADPDXKBH2F4U/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBLBKW2WM5YSTS6OGEU5SYHXSJ5EWSTV/
https://lore.kernel.org/lkml/ZD1xyZxb3rHot8PV@redhat.com/t/
Common Vulnerability Exposure (CVE) ID: CVE-2023-31084
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOATNX5UFL7V7W2QDIQKOHFFHYKWFP4W/
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b8c75e4a1b325ea0a9433fa8834be97b5836b946
https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/
Common Vulnerability Exposure (CVE) ID: CVE-2023-3268
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ec16f1450f4936025a9bdf1a273affdb9732c1
https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc@wangsu.com/T/
Common Vulnerability Exposure (CVE) ID: CVE-2023-35823
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30cf57da176cca80f11df0d9b7f71581fe601389
https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947@xs4all.nl/
https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz@163.com/t/
Common Vulnerability Exposure (CVE) ID: CVE-2023-35824
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5abda7a16698d4d1f47af1168d8fa2c640116b4a
https://lore.kernel.org/lkml/20230318081506.795147-1-zyytlz.wz@163.com/
Common Vulnerability Exposure (CVE) ID: CVE-2023-35828
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b947f8769be8b8181dc795fd292d3e7120f5204
https://lore.kernel.org/all/20230327121700.52d881e0@canb.auug.org.au/
https://lore.kernel.org/lkml/CAJedcCwkuznS1kSTvJXhzPoavcZDWNhNMshi-Ux0spSVRwU=RA@mail.gmail.com/T/
CopyrightCopyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.