Test ID: | 1.3.6.1.4.1.25623.1.1.12.2024.6607.1 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-6607-1) |
Summary: | The remote host is missing an update for the 'linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15' package(s) announced via the USN-6607-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15' package(s) announced via the USN-6607-1 advisory.

Vulnerability Insight:

It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5345)

Lin Ma discovered that the netfilter subsystem in the Linux kernel did not properly validate network family support while creating a new netfilter table. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6040)

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situations, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6606)

Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6817)

Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perf subsystem in the Linux kernel did not properly validate all event sizes when attaching new events, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6931)

It was discovered that the IGMP protocol implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6932)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly check deactivated elements in certain situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-0193)

Affected Software/OS: 'linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15' package(s) on Ubuntu 20.04, Ubuntu 22.04.

Solution: Please install the updated package(s).

CVSS Score: 6.8
CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C |
Cross-Ref: |

Common Vulnerability Exposure (CVE) ID: CVE-2023-5345
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/
http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705
https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705

Common Vulnerability Exposure (CVE) ID: CVE-2023-6040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040
https://www.openwall.com/lists/oss-security/2024/01/12/1
http://www.openwall.com/lists/oss-security/2024/01/12/1

Common Vulnerability Exposure (CVE) ID: CVE-2023-6606
RHBZ#2253611 https://bugzilla.redhat.com/show_bug.cgi?id=2253611
RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0723
RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0725
RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0881
RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:0897
RHSA-2024:1188 https://access.redhat.com/errata/RHSA-2024:1188
RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:1248
RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:1404
https://access.redhat.com/security/cve/CVE-2023-6606
https://bugzilla.kernel.org/show_bug.cgi?id=218218
https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html

Common Vulnerability Exposure (CVE) ID: CVE-2023-6817
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a
https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
http://www.openwall.com/lists/oss-security/2023/12/22/6
http://www.openwall.com/lists/oss-security/2023/12/22/13

Common Vulnerability Exposure (CVE) ID: CVE-2023-6931
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b
https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b

Common Vulnerability Exposure (CVE) ID: CVE-2023-6932
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1
https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1

Common Vulnerability Exposure (CVE) ID: CVE-2024-0193
RHBZ#2255653 https://bugzilla.redhat.com/show_bug.cgi?id=2255653
RHSA-2024:1018 https://access.redhat.com/errata/RHSA-2024:1018
RHSA-2024:1019 https://access.redhat.com/errata/RHSA-2024:1019
https://access.redhat.com/security/cve/CVE-2024-0193 |
Copyright | Copyright (C) 2024 Greenbone AG |