Test ID:	1.3.6.1.4.1.25623.1.1.12.2023.6497.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6497-1)
Summary:	The remote host is missing an update for the 'linux-oem-6.1' package(s) announced via the USN-6497-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-oem-6.1' package(s) announced via the USN-6497-1 advisory. Vulnerability Insight: Maxim Levitsky discovered that the KVM nested virtualization (SVM) implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service (host kernel crash). (CVE-2023-5090) Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly handle queue initialization failures in certain situations, leading to a use-after-free vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5178) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717) Affected Software/OS: 'linux-oem-6.1' package(s) on Ubuntu 22.04. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-5090 RHBZ#2248122 https://bugzilla.redhat.com/show_bug.cgi?id=2248122 RHSA-2024:3854 https://access.redhat.com/errata/RHSA-2024:3854 RHSA-2024:3855 https://access.redhat.com/errata/RHSA-2024:3855 https://access.redhat.com/security/cve/CVE-2023-5090 Common Vulnerability Exposure (CVE) ID: CVE-2023-5178 RHBZ#2241924 https://bugzilla.redhat.com/show_bug.cgi?id=2241924 RHSA-2023:7370 https://access.redhat.com/errata/RHSA-2023:7370 RHSA-2023:7379 https://access.redhat.com/errata/RHSA-2023:7379 RHSA-2023:7418 https://access.redhat.com/errata/RHSA-2023:7418 RHSA-2023:7548 https://access.redhat.com/errata/RHSA-2023:7548 RHSA-2023:7549 https://access.redhat.com/errata/RHSA-2023:7549 RHSA-2023:7551 https://access.redhat.com/errata/RHSA-2023:7551 RHSA-2023:7554 https://access.redhat.com/errata/RHSA-2023:7554 RHSA-2023:7557 https://access.redhat.com/errata/RHSA-2023:7557 RHSA-2023:7559 https://access.redhat.com/errata/RHSA-2023:7559 RHSA-2024:0340 https://access.redhat.com/errata/RHSA-2024:0340 RHSA-2024:0378 https://access.redhat.com/errata/RHSA-2024:0378 RHSA-2024:0386 https://access.redhat.com/errata/RHSA-2024:0386 RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:0412 RHSA-2024:0431 https://access.redhat.com/errata/RHSA-2024:0431 RHSA-2024:0432 https://access.redhat.com/errata/RHSA-2024:0432 RHSA-2024:0461 https://access.redhat.com/errata/RHSA-2024:0461 RHSA-2024:0554 https://access.redhat.com/errata/RHSA-2024:0554 RHSA-2024:0575 https://access.redhat.com/errata/RHSA-2024:0575 RHSA-2024:1268 https://access.redhat.com/errata/RHSA-2024:1268 RHSA-2024:1269 https://access.redhat.com/errata/RHSA-2024:1269 RHSA-2024:1278 https://access.redhat.com/errata/RHSA-2024:1278 https://access.redhat.com/security/cve/CVE-2023-5178 https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/ https://security.netapp.com/advisory/ntap-20231208-0004/ Common Vulnerability Exposure (CVE) ID: CVE-2023-5717 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06 https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06 https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.