English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2024.6604.2
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-6604-2)
Summary:The remote host is missing an update for the 'linux-azure, linux-azure-4.15' package(s) announced via the USN-6604-2 advisory.
Description:Summary:
The remote host is missing an update for the 'linux-azure, linux-azure-4.15' package(s) announced via the USN-6604-2 advisory.

Vulnerability Insight:
It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a denial of service (system crash). (CVE-2023-1079)

Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii
Oleksenko discovered that some AMD processors could leak stale data from
division operations in certain situations. A local attacker could possibly
use this to expose sensitive information. (CVE-2023-20588)

It was discovered that a race condition existed in the Linux kernel when
performing operations with kernel objects, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or execute arbitrary code. (CVE-2023-45863)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate the server frame size in certain
situation, leading to an out-of-bounds read vulnerability. An attacker
could use this to construct a malicious CIFS image that, when operated on,
could cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-6606)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf
subsystem in the Linux kernel did not properly validate all event sizes
when attaching new events, leading to an out-of-bounds write vulnerability.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-6932)

Affected Software/OS:
'linux-azure, linux-azure-4.15' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04.

Solution:
Please install the updated package(s).

CVSS Score:
6.2

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-1079
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-20588
Debian Security Information: DSA-5480 (Google Search)
https://www.debian.org/security/2023/dsa-5480
Debian Security Information: DSA-5492 (Google Search)
https://www.debian.org/security/2023/dsa-5492
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3/
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007
https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
http://www.openwall.com/lists/oss-security/2023/09/25/4
http://www.openwall.com/lists/oss-security/2023/09/25/7
http://www.openwall.com/lists/oss-security/2023/09/25/8
http://www.openwall.com/lists/oss-security/2023/09/25/3
http://www.openwall.com/lists/oss-security/2023/09/25/5
http://www.openwall.com/lists/oss-security/2023/09/26/5
http://www.openwall.com/lists/oss-security/2023/09/26/8
http://www.openwall.com/lists/oss-security/2023/09/26/9
http://www.openwall.com/lists/oss-security/2023/09/27/1
http://www.openwall.com/lists/oss-security/2023/10/03/12
http://www.openwall.com/lists/oss-security/2023/10/03/13
http://www.openwall.com/lists/oss-security/2023/10/03/14
http://www.openwall.com/lists/oss-security/2023/10/03/15
http://www.openwall.com/lists/oss-security/2023/10/03/9
http://www.openwall.com/lists/oss-security/2023/10/04/2
http://www.openwall.com/lists/oss-security/2023/10/03/16
http://www.openwall.com/lists/oss-security/2023/10/04/1
http://www.openwall.com/lists/oss-security/2023/10/04/3
http://www.openwall.com/lists/oss-security/2023/10/04/4
Common Vulnerability Exposure (CVE) ID: CVE-2023-45863
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb2a01caa813d3a1845d378bbe4169ef280d394
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-6606
RHBZ#2253611
https://bugzilla.redhat.com/show_bug.cgi?id=2253611
RHSA-2024:0723
https://access.redhat.com/errata/RHSA-2024:0723
RHSA-2024:0725
https://access.redhat.com/errata/RHSA-2024:0725
RHSA-2024:0881
https://access.redhat.com/errata/RHSA-2024:0881
RHSA-2024:0897
https://access.redhat.com/errata/RHSA-2024:0897
RHSA-2024:1188
https://access.redhat.com/errata/RHSA-2024:1188
RHSA-2024:1248
https://access.redhat.com/errata/RHSA-2024:1248
RHSA-2024:1404
https://access.redhat.com/errata/RHSA-2024:1404
https://access.redhat.com/security/cve/CVE-2023-6606
https://bugzilla.kernel.org/show_bug.cgi?id=218218
Common Vulnerability Exposure (CVE) ID: CVE-2023-6931
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b
https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b
Common Vulnerability Exposure (CVE) ID: CVE-2023-6932
http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1
https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1
CopyrightCopyright (C) 2024 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.