{"id":"USN-6132-1","summary":"linux-aws-5.4, linux-bluefield vulnerabilities","details":"\nPatryk Sondej and Piotr Krysiuk discovered that a race condition existed in\nthe netfilter subsystem of the Linux kernel when processing batch requests,\nleading to a use-after-free vulnerability. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2023-32233)\n\nGwangun Jung discovered that the Quick Fair Queueing scheduler\nimplementation in the Linux kernel contained an out-of-bounds write\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-31436)\n\nReima Ishii discovered that the nested KVM implementation for Intel x86\nprocessors in the Linux kernel did not properly validate control registers\nin certain situations. An attacker in a guest VM could use this to cause a\ndenial of service (guest crash). (CVE-2023-30456)\n\nIt was discovered that the Broadcom FullMAC USB WiFi driver in the Linux\nkernel did not properly perform data buffer size validation in some\nsituations. A physically proximate attacker could use this to craft a\nmalicious USB device that when inserted, could cause a denial of service\n(system crash) or possibly expose sensitive information. (CVE-2023-1380)\n\nZheng Wang discovered that the Intel i915 graphics driver in the Linux\nkernel did not properly handle certain error conditions, leading to a\ndouble-free. A local attacker could possibly use this to cause a denial of\nservice (system crash). (CVE-2022-3707)\n\nJordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did\nnot properly implement speculative execution barriers in usercopy functions\nin certain situations. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2023-0459)\n\nIt was discovered that the TLS subsystem in the Linux kernel contained a\ntype confusion vulnerability in some situations. A local attacker could use\nthis to cause a denial of service (system crash) or possibly expose\nsensitive information. (CVE-2023-1075)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) protocol\nimplementation in the Linux kernel contained a type confusion vulnerability\nin some situations. An attacker could use this to cause a denial of service\n(system crash). (CVE-2023-1078)\n\nXingyuan Mo discovered that the x86 KVM implementation in the Linux kernel\ndid not properly initialize some data structures. A local attacker could\nuse this to expose sensitive information (kernel memory). (CVE-2023-1513)\n\nIt was discovered that a use-after-free vulnerability existed in the iSCSI\nTCP implementation in the Linux kernel. A local attacker could possibly use\nthis to cause a denial of service (system crash). (CVE-2023-2162)\n\nJean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu\nLinux kernel contained a race condition when handling inode locking in some\nsituations. A local attacker could use this to cause a denial of service\n(kernel deadlock). (CVE-2023-2612)\n\nIt was discovered that the NET/ROM protocol implementation in the Linux\nkernel contained a race condition in some situations, leading to a use-\nafter-free vulnerability. A local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2023-32269)\n\nDuoming Zhou discovered that a race condition existed in the infrared\nreceiver/transceiver driver in the Linux kernel, leading to a use-after-\nfree vulnerability. A privileged attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2023-1118)\n\n","modified":"2026-02-10T04:43:09Z","published":"2023-06-01T18:54:49Z","related":["UBUNTU-CVE-2022-3707","UBUNTU-CVE-2023-0459","UBUNTU-CVE-2023-1075","UBUNTU-CVE-2023-1078","UBUNTU-CVE-2023-1118","UBUNTU-CVE-2023-1380","UBUNTU-CVE-2023-1513","UBUNTU-CVE-2023-2162","UBUNTU-CVE-2023-2612","UBUNTU-CVE-2023-30456","UBUNTU-CVE-2023-31436","UBUNTU-CVE-2023-32233","UBUNTU-CVE-2023-32269"],"upstream":["CVE-2022-3707","CVE-2023-0459","CVE-2023-1075","CVE-2023-1078","CVE-2023-1118","CVE-2023-1380","CVE-2023-1513","CVE-2023-2162","CVE-2023-2612","CVE-2023-30456","CVE-2023-31436","CVE-2023-32233","CVE-2023-32269","UBUNTU-CVE-2022-3707","UBUNTU-CVE-2023-0459","UBUNTU-CVE-2023-1075","UBUNTU-CVE-2023-1078","UBUNTU-CVE-2023-1118","UBUNTU-CVE-2023-1380","UBUNTU-CVE-2023-1513","UBUNTU-CVE-2023-2162","UBUNTU-CVE-2023-2612","UBUNTU-CVE-2023-30456","UBUNTU-CVE-2023-31436","UBUNTU-CVE-2023-32233","UBUNTU-CVE-2023-32269"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6132-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-3707"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-0459"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1075"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1078"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1118"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1380"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-1513"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-2162"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-2612"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-30456"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-31436"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-32233"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-32269"}],"affected":[{"package":{"name":"linux-aws-5.4","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/linux-aws-5.4@5.4.0-1103.111~18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1103.111~18.04.1"}]}],"versions":["5.4.0-1018.18~18.04.1","5.4.0-1020.20~18.04.2","5.4.0-1022.22~18.04.1","5.4.0-1024.24~18.04.1","5.4.0-1025.25~18.04.1","5.4.0-1028.29~18.04.1","5.4.0-1029.30~18.04.1","5.4.0-1030.31~18.04.1","5.4.0-1032.33~18.04.1","5.4.0-1034.35~18.04.1","5.4.0-1035.37~18.04.1","5.4.0-1037.39~18.04.1","5.4.0-1038.40~18.04.1","5.4.0-1039.41~18.04.1","5.4.0-1041.43~18.04.1","5.4.0-1043.45~18.04.1","5.4.0-1045.47~18.04.1","5.4.0-1047.49~18.04.1","5.4.0-1048.50~18.04.1","5.4.0-1049.51~18.04.1","5.4.0-1051.53~18.04.1","5.4.0-1054.57~18.04.1","5.4.0-1055.58~18.04.1","5.4.0-1056.59~18.04.1","5.4.0-1057.60~18.04.1","5.4.0-1058.61~18.04.3","5.4.0-1059.62~18.04.1","5.4.0-1060.63~18.04.1","5.4.0-1061.64~18.04.1","5.4.0-1063.66~18.04.1","5.4.0-1064.67~18.04.1","5.4.0-1065.68~18.04.1","5.4.0-1066.69~18.04.1","5.4.0-1068.72~18.04.1","5.4.0-1069.73~18.04.1","5.4.0-1071.76~18.04.1","5.4.0-1072.77~18.04.1","5.4.0-1075.80~18.04.1","5.4.0-1078.84~18.04.1","5.4.0-1080.87~18.04.1","5.4.0-1081.88~18.04.1","5.4.0-1083.90~18.04.1","5.4.0-1084.91~18.04.1","5.4.0-1085.92~18.04.1","5.4.0-1086.93~18.04.1","5.4.0-1088.96~18.04.1","5.4.0-1089.97~18.04.1","5.4.0-1090.98~18.04.1","5.4.0-1092.100~18.04.2","5.4.0-1093.102~18.04.2","5.4.0-1094.102~18.04.1","5.4.0-1096.104~18.04.1","5.4.0-1097.105~18.04.1","5.4.0-1099.107~18.04.1","5.4.0-1100.108~18.04.1","5.4.0-1101.109~18.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"5.4.0-1103.111~18.04.1","binary_name":"linux-aws-5.4-cloud-tools-5.4.0-1103"},{"binary_version":"5.4.0-1103.111~18.04.1","binary_name":"linux-aws-5.4-headers-5.4.0-1103"},{"binary_version":"5.4.0-1103.111~18.04.1","binary_name":"linux-aws-5.4-tools-5.4.0-1103"},{"binary_version":"5.4.0-1103.111~18.04.1","binary_name":"linux-buildinfo-5.4.0-1103-aws"},{"binary_version":"5.4.0-1103.111~18.04.1","binary_name":"linux-cloud-tools-5.4.0-1103-aws"},{"binary_version":"5.4.0-1103.111~18.04.1","binary_name":"linux-headers-5.4.0-1103-aws"},{"binary_version":"5.4.0-1103.111~18.04.1","binary_name":"linux-image-unsigned-5.4.0-1103-aws"},{"binary_version":"5.4.0-1103.111~18.04.1","binary_name":"linux-modules-5.4.0-1103-aws"},{"binary_version":"5.4.0-1103.111~18.04.1","binary_name":"linux-modules-extra-5.4.0-1103-aws"},{"binary_version":"5.4.0-1103.111~18.04.1","binary_name":"linux-tools-5.4.0-1103-aws"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-3707"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-0459"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-1075"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-1078"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}],"id":"CVE-2023-1118"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2023-1380"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-1513"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-2162"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-2612"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2023-30456"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2023-31436"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2023-32233"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-32269"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6132-1.json"}},{"package":{"name":"linux-bluefield","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-bluefield@5.4.0-1064.70?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1064.70"}]}],"versions":["5.4.0-1007.10","5.4.0-1011.14","5.4.0-1012.15","5.4.0-1013.16","5.4.0-1016.19","5.4.0-1019.22","5.4.0-1020.23","5.4.0-1021.24","5.4.0-1022.25","5.4.0-1023.26","5.4.0-1025.28","5.4.0-1026.29","5.4.0-1028.31","5.4.0-1030.33","5.4.0-1032.35","5.4.0-1035.38","5.4.0-1036.39","5.4.0-1040.44","5.4.0-1042.47","5.4.0-1044.49","5.4.0-1045.50","5.4.0-1046.51","5.4.0-1047.52","5.4.0-1049.55","5.4.0-1050.56","5.4.0-1054.60","5.4.0-1058.64","5.4.0-1059.65","5.4.0-1060.66","5.4.0-1062.68"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"5.4.0-1064.70","binary_name":"linux-bluefield-headers-5.4.0-1064"},{"binary_version":"5.4.0-1064.70","binary_name":"linux-bluefield-tools-5.4.0-1064"},{"binary_version":"5.4.0-1064.70","binary_name":"linux-buildinfo-5.4.0-1064-bluefield"},{"binary_version":"5.4.0-1064.70","binary_name":"linux-headers-5.4.0-1064-bluefield"},{"binary_version":"5.4.0-1064.70","binary_name":"linux-image-unsigned-5.4.0-1064-bluefield"},{"binary_version":"5.4.0-1064.70","binary_name":"linux-modules-5.4.0-1064-bluefield"},{"binary_version":"5.4.0-1064.70","binary_name":"linux-tools-5.4.0-1064-bluefield"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2022-3707"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-0459"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-1075"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-1078"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"negligible"}],"id":"CVE-2023-1118"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2023-1380"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-1513"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-2162"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-2612"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2023-30456"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2023-31436"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2023-32233"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-32269"}],"ecosystem":"Ubuntu:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6132-1.json"}}],"schema_version":"1.7.3"}