{"id":"USN-6033-1","summary":"linux-oem-6.1 vulnerabilities","details":"It was discovered that the Traffic-Control Index (TCINDEX) implementation\nin the Linux kernel did not properly perform filter deactivation in some\nsituations. A local attacker could possibly use this to gain elevated\nprivileges. Please note that with the fix for this CVE, kernel support for\nthe TCINDEX classifier has been removed. (CVE-2023-1829)\n\nWilliam Zhao discovered that the Traffic Control (TC) subsystem in the\nLinux kernel did not properly handle network packet retransmission in\ncertain situations. A local attacker could use this to cause a denial of\nservice (kernel deadlock). (CVE-2022-4269)\n\nThadeu Cascardo discovered that the io_uring subsystem contained a double-\nfree vulnerability in certain memory allocation error conditions. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2023-1032)\n\nIt was discovered that the TUN/TAP driver in the Linux kernel did not\nproperly initialize socket data. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2023-1076)\n\nIt was discovered that the Real-Time Scheduling Class implementation in the\nLinux kernel contained a type confusion vulnerability in some situations. A\nlocal attacker could use this to cause a denial of service (system crash).\n(CVE-2023-1077)\n\nIt was discovered that the ASUS HID driver in the Linux kernel did not\nproperly handle device removal, leading to a use-after-free vulnerability.\nA local attacker with physical access could plug in a specially crafted USB\ndevice to cause a denial of service (system crash). (CVE-2023-1079)\n\nIt was discovered that the io_uring subsystem in the Linux kernel did not\nproperly perform file table updates in some situations, leading to a null\npointer dereference vulnerability. A local attacker could use this to cause\na denial of service (system crash). (CVE-2023-1583)\n\nIt was discovered that the Xircom PCMCIA network device driver in the Linux\nkernel did not properly handle device removal events. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash). (CVE-2023-1670)\n\nIt was discovered that the APM X-Gene SoC hardware monitoring driver in the\nLinux kernel contained a race condition, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or expose sensitive information (kernel memory).\n(CVE-2023-1855)\n\nIt was discovered that a race condition existed in the Bluetooth HCI SDIO\ndriver, leading to a use-after-free vulnerability. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2023-1989)\n\nIt was discovered that the ST NCI NFC driver did not properly handle device\nremoval events. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2023-1990)\n\nJose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2\nmitigations with prctl syscall were insufficient in some situations. A\nlocal attacker could possibly use this to expose sensitive information.\n(CVE-2023-1998)\n\nIt was discovered that the BigBen Interactive Kids' gamepad driver in the\nLinux kernel did not properly handle device removal, leading to a use-\nafter-free vulnerability. A local attacker with physical access could plug\nin a specially crafted USB device to cause a denial of service (system\ncrash). (CVE-2023-25012)\n\nIt was discovered that a race condition existed in the TLS subsystem in the\nLinux kernel, leading to a use-after-free or a null pointer dereference\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-28466)\n\nIt was discovered that the Bluetooth subsystem in the Linux kernel did not\nproperly initialize some data structures, leading to an out-of-bounds\naccess vulnerability in certain situations. An attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2023-28866)\n\nReima Ishii discovered that the nested KVM implementation for Intel x86\nprocessors in the Linux kernel did not properly validate control registers\nin certain situations. An attacker in a guest VM could use this to cause a\ndenial of service (guest crash). (CVE-2023-30456)\n\nDuoming Zhou discovered that a race condition existed in the infrared\nreceiver/transceiver driver in the Linux kernel, leading to a use-after-\nfree vulnerability. A privileged attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2023-1118)\n\n","modified":"2026-02-10T04:43:06Z","published":"2023-04-19T18:08:59Z","related":["UBUNTU-CVE-2022-4269","UBUNTU-CVE-2023-1032","UBUNTU-CVE-2023-1076","UBUNTU-CVE-2023-1077","UBUNTU-CVE-2023-1079","UBUNTU-CVE-2023-1118","UBUNTU-CVE-2023-1583","UBUNTU-CVE-2023-1670","UBUNTU-CVE-2023-1829","UBUNTU-CVE-2023-1855","UBUNTU-CVE-2023-1989","UBUNTU-CVE-2023-1990","UBUNTU-CVE-2023-1998","UBUNTU-CVE-2023-25012","UBUNTU-CVE-2023-28466","UBUNTU-CVE-2023-28866","UBUNTU-CVE-2023-30456"],"upstream":["CVE-2022-4269","CVE-2023-1032","CVE-2023-1076","CVE-2023-1077","CVE-2023-1079","CVE-2023-1118","CVE-2023-1583","CVE-2023-1670","CVE-2023-1829","CVE-2023-1855","CVE-2023-1989","CVE-2023-1990","CVE-2023-1998","CVE-2023-25012","CVE-2023-28466","CVE-2023-28866","CVE-2023-30456","UBUNTU-CVE-2022-4269","UBUNTU-CVE-2023-1032","UBUNTU-CVE-2023-1076","UBUNTU-CVE-2023-1077","UBUNTU-CVE-2023-1079","UBUNTU-CVE-2023-1118","UBUNTU-CVE-2023-1583","UBUNTU-CVE-2023-1670","UBUNTU-CVE-2023-1829","UBUNTU-CVE-2023-1855","UBUNTU-CVE-2023-1989","UBUNTU-CVE-2023-1990","UBUNTU-CVE-2023-1998","UBUNTU-CVE-2023-25012","UBUNTU-CVE-2023-28466","UBUNTU-CVE-2023-28866","UBUNTU-CVE-2023-30456"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6033-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-4269"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1032"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1076"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1077"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1079"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1118"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1583"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1670"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1829"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1855"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1989"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1990"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1998"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-25012"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-28466"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-28866"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-30456"}],"affected":[{"package":{"name":"linux-oem-6.1","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/linux-oem-6.1@6.1.0-1009.9?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.0-1009.9"}]}],"versions":["6.1.0-1004.4","6.1.0-1006.6","6.1.0-1007.7","6.1.0-1008.8"],"ecosystem_specific":{"binaries":[{"binary_version":"6.1.0-1009.9","binary_name":"linux-buildinfo-6.1.0-1009-oem"},{"binary_version":"6.1.0-1009.9","binary_name":"linux-headers-6.1.0-1009-oem"},{"binary_version":"6.1.0-1009.9","binary_name":"linux-image-unsigned-6.1.0-1009-oem"},{"binary_version":"6.1.0-1009.9","binary_name":"linux-modules-6.1.0-1009-oem"},{"binary_version":"6.1.0-1009.9","binary_name":"linux-modules-ipu6-6.1.0-1009-oem"},{"binary_version":"6.1.0-1009.9","binary_name":"linux-modules-ivsc-6.1.0-1009-oem"},{"binary_version":"6.1.0-1009.9","binary_name":"linux-oem-6.1-headers-6.1.0-1009"},{"binary_version":"6.1.0-1009.9","binary_name":"linux-oem-6.1-tools-6.1.0-1009"},{"binary_version":"6.1.0-1009.9","binary_name":"linux-oem-6.1-tools-host"},{"binary_version":"6.1.0-1009.9","binary_name":"linux-tools-6.1.0-1009-oem"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6033-1.json","cves_map":{"cves":[{"id":"CVE-2022-4269","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-1032","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-1076","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-1077","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-1079","severity":[{"score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-1118","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}]},{"id":"CVE-2023-1583","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-1670","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-1829","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-1855","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-1989","severity":[{"score":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-1990","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-1998","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-25012","severity":[{"score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-28466","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-28866","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-30456","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.3"}