{"id":"USN-6079-1","summary":"linux, linux-aws, linux-azure, linux-azure-5.19, linux-kvm, linux-lowlatency, linux-raspi vulnerabilities","details":"It was discovered that some AMD x86-64 processors with SMT enabled could\nspeculatively execute instructions using a return address from a sibling\nthread. A local attacker could possibly use this to expose sensitive\ninformation. (CVE-2022-27672)\n\nZiming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux\nkernel contained an out-of-bounds write vulnerability. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2022-36280)\n\nZheng Wang discovered that the Intel i915 graphics driver in the Linux\nkernel did not properly handle certain error conditions, leading to a\ndouble-free. A local attacker could possibly use this to cause a denial of\nservice (system crash). (CVE-2022-3707)\n\nHaowei Yan discovered that a race condition existed in the Layer 2\nTunneling Protocol (L2TP) implementation in the Linux kernel. A local\nattacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2022-4129)\n\nIt was discovered that the NTFS file system implementation in the Linux\nkernel contained a null pointer dereference in some situations. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2022-4842)\n\nIt was discovered that the NTFS file system implementation in the Linux\nkernel did not properly validate attributes in certain situations, leading\nto an out-of-bounds write vulnerability. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2022-48423)\n\nIt was discovered that the NTFS file system implementation in the Linux\nkernel did not properly validate attributes in certain situations, leading\nto an out-of-bounds read vulnerability. A local attacker could possibly use\nthis to expose sensitive information (kernel memory). (CVE-2022-48424)\n\nIt was discovered that the KSMBD implementation in the Linux kernel did not\nproperly validate buffer lengths, leading to a heap-based buffer overflow.\nA remote attacker could possibly use this to cause a denial of service\n(system crash). (CVE-2023-0210)\n\nKyle Zeng discovered that the IPv6 implementation in the Linux kernel\ncontained a NULL pointer dereference vulnerability in certain situations. A\nlocal attacker could use this to cause a denial of service (system crash).\n(CVE-2023-0394)\n\nJordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the\ndo_prlimit() function in the Linux kernel did not properly handle\nspeculative execution barriers. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2023-0458)\n\nJordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did\nnot properly implement speculative execution barriers in usercopy functions\nin certain situations. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2023-0459)\n\nIt was discovered that the Human Interface Device (HID) support driver in\nthe Linux kernel contained a type confusion vulnerability in some\nsituations. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2023-1073)\n\nIt was discovered that a memory leak existed in the SCTP protocol\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2023-1074)\n\nIt was discovered that the TLS subsystem in the Linux kernel contained a\ntype confusion vulnerability in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly expose\nsensitive information. (CVE-2023-1075)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) protocol\nimplementation in the Linux kernel contained a type confusion vulnerability\nin some situations. An attacker could use this to cause a denial of service\n(system crash). (CVE-2023-1078)\n\nXingyuan Mo discovered that the x86 KVM implementation in the Linux kernel\ndid not properly initialize some data structures. A local attacker could\nuse this to expose sensitive information (kernel memory). (CVE-2023-1513)\n\nIt was discovered that the NFS implementation in the Linux kernel did not\nproperly handle pending tasks in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or expose sensitive\ninformation (kernel memory). (CVE-2023-1652)\n\nIt was discovered that the ARM64 EFI runtime services implementation in the\nLinux kernel did not properly manage concurrency calls. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2023-21102)\n\nIt was discovered that a race condition existed in Adreno GPU DRM driver in\nthe Linux kernel, leading to a double-free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2023-21106)\n\nIt was discovered that a use-after-free vulnerability existed in the iSCSI\nTCP implementation in the Linux kernel. A local attacker could possibly use\nthis to cause a denial of service (system crash). (CVE-2023-2162)\n\nKyle Zeng discovered that the class-based queuing discipline implementation\nin the Linux kernel contained a type confusion vulnerability in some\nsituations. An attacker could use this to cause a denial of service (system\ncrash). (CVE-2023-23454)\n\nKyle Zeng discovered that the ATM VC queuing discipline implementation in\nthe Linux kernel contained a type confusion vulnerability in some\nsituations. An attacker could use this to cause a denial of service (system\ncrash). (CVE-2023-23455)\n\nIt was discovered that the NTFS file system implementation in the Linux\nkernel did not properly validate the size of attributes when parsing MFT. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash) or expose sensitive information (kernel memory). (CVE-2023-26544)\n\nIt was discovered that the NET/ROM protocol implementation in the Linux\nkernel contained a race condition in some situations, leading to a use-\nafter-free vulnerability. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2023-32269)\n\nDuoming Zhou discovered that a race condition existed in the infrared\nreceiver/transceiver driver in the Linux kernel, leading to a use-after-\nfree vulnerability. A privileged attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2023-1118)\n\n","modified":"2026-02-10T04:43:08Z","published":"2023-05-16T13:55:34Z","related":["UBUNTU-CVE-2022-27672","UBUNTU-CVE-2022-36280","UBUNTU-CVE-2022-3707","UBUNTU-CVE-2022-4129","UBUNTU-CVE-2022-4842","UBUNTU-CVE-2022-48423","UBUNTU-CVE-2022-48424","UBUNTU-CVE-2023-0210","UBUNTU-CVE-2023-0394","UBUNTU-CVE-2023-0458","UBUNTU-CVE-2023-0459","UBUNTU-CVE-2023-1073","UBUNTU-CVE-2023-1074","UBUNTU-CVE-2023-1075","UBUNTU-CVE-2023-1078","UBUNTU-CVE-2023-1118","UBUNTU-CVE-2023-1513","UBUNTU-CVE-2023-1652","UBUNTU-CVE-2023-21102","UBUNTU-CVE-2023-21106","UBUNTU-CVE-2023-2162","UBUNTU-CVE-2023-23454","UBUNTU-CVE-2023-23455","UBUNTU-CVE-2023-26544","UBUNTU-CVE-2023-32269"],"upstream":["CVE-2022-27672","CVE-2022-36280","CVE-2022-3707","CVE-2022-4129","CVE-2022-4842","CVE-2022-48423","CVE-2022-48424","CVE-2023-0210","CVE-2023-0394","CVE-2023-0458","CVE-2023-0459","CVE-2023-1073","CVE-2023-1074","CVE-2023-1075","CVE-2023-1078","CVE-2023-1118","CVE-2023-1513","CVE-2023-1652","CVE-2023-21102","CVE-2023-21106","CVE-2023-2162","CVE-2023-23454","CVE-2023-23455","CVE-2023-26544","CVE-2023-32269","UBUNTU-CVE-2022-27672","UBUNTU-CVE-2022-36280","UBUNTU-CVE-2022-3707","UBUNTU-CVE-2022-4129","UBUNTU-CVE-2022-4842","UBUNTU-CVE-2022-48423","UBUNTU-CVE-2022-48424","UBUNTU-CVE-2023-0210","UBUNTU-CVE-2023-0394","UBUNTU-CVE-2023-0458","UBUNTU-CVE-2023-0459","UBUNTU-CVE-2023-1073","UBUNTU-CVE-2023-1074","UBUNTU-CVE-2023-1075","UBUNTU-CVE-2023-1078","UBUNTU-CVE-2023-1118","UBUNTU-CVE-2023-1513","UBUNTU-CVE-2023-1652","UBUNTU-CVE-2023-21102","UBUNTU-CVE-2023-21106","UBUNTU-CVE-2023-2162","UBUNTU-CVE-2023-23454","UBUNTU-CVE-2023-23455","UBUNTU-CVE-2023-26544","UBUNTU-CVE-2023-32269"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6079-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3707"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-4129"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-4842"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-27672"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-36280"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-48423"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-48424"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-0210"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-0394"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-0458"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-0459"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1073"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1074"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1075"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1078"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1118"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1513"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1652"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-2162"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-21102"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-21106"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-23454"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-23455"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-26544"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-32269"}],"affected":[{"package":{"name":"linux-azure-5.19","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/linux-azure-5.19@5.19.0-1026.29~22.04.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.19.0-1026.29~22.04.1"}]}],"versions":["5.19.0-1020.21~22.04.1","5.19.0-1021.22~22.04.1","5.19.0-1022.23~22.04.1","5.19.0-1023.24~22.04.1","5.19.0-1025.28~22.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-azure-5.19-cloud-tools-5.19.0-1026","binary_version":"5.19.0-1026.29~22.04.1"},{"binary_name":"linux-azure-5.19-headers-5.19.0-1026","binary_version":"5.19.0-1026.29~22.04.1"},{"binary_name":"linux-azure-5.19-tools-5.19.0-1026","binary_version":"5.19.0-1026.29~22.04.1"},{"binary_name":"linux-buildinfo-5.19.0-1026-azure","binary_version":"5.19.0-1026.29~22.04.1"},{"binary_name":"linux-cloud-tools-5.19.0-1026-azure","binary_version":"5.19.0-1026.29~22.04.1"},{"binary_name":"linux-headers-5.19.0-1026-azure","binary_version":"5.19.0-1026.29~22.04.1"},{"binary_name":"linux-image-unsigned-5.19.0-1026-azure","binary_version":"5.19.0-1026.29~22.04.1"},{"binary_name":"linux-modules-5.19.0-1026-azure","binary_version":"5.19.0-1026.29~22.04.1"},{"binary_name":"linux-modules-extra-5.19.0-1026-azure","binary_version":"5.19.0-1026.29~22.04.1"},{"binary_name":"linux-tools-5.19.0-1026-azure","binary_version":"5.19.0-1026.29~22.04.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6079-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-3707"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-4129"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-4842"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-27672"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-36280"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-48423"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2022-48424"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-0210"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-0394"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-0458"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-0459"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-1073"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-1074"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-1075"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-1078"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}],"id":"CVE-2023-1118"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-1513"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-1652"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-2162"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-21102"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2023-21106"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-23454"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-23455"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-26544"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-32269"}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.3"}