{"id":"USN-6462-2","summary":"linux-iot vulnerabilities","details":"\nSeth Jenkins discovered that the Linux kernel did not properly perform\naddress randomization for a per-cpu memory management structure. A local\nattacker could use this to expose sensitive information (kernel memory) or\nin conjunction with another kernel vulnerability. (CVE-2023-0597)\n\nYu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in\nthe Linux kernel contained a race condition, leading to a null pointer\ndereference vulnerability. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2023-31083)\n\nLin Ma discovered that the Netlink Transformation (XFRM) subsystem in the\nLinux kernel contained a null pointer dereference vulnerability in some\nsituations. A local privileged attacker could use this to cause a denial of\nservice (system crash). (CVE-2023-3772)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the\nLinux kernel did not properly handle device initialization failures in\ncertain situations, leading to a use-after-free vulnerability. 
A physically\nproximate attacker could use this to cause a denial of service (system crash).\n(CVE-2023-4132)\n","modified":"2026-02-10T04:43:24Z","published":"2023-11-10T10:16:47Z","related":["UBUNTU-CVE-2023-0597","UBUNTU-CVE-2023-31083","UBUNTU-CVE-2023-3772","UBUNTU-CVE-2023-4132"],"upstream":["CVE-2023-0597","CVE-2023-31083","CVE-2023-3772","CVE-2023-4132","UBUNTU-CVE-2023-0597","UBUNTU-CVE-2023-31083","UBUNTU-CVE-2023-3772","UBUNTU-CVE-2023-4132"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6462-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-0597"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-3772"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-4132"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-31083"}],"affected":[{"package":{"name":"linux-iot","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-iot@5.4.0-1025.26?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1025.26"}]}],"versions":["5.4.0-1001.3","5.4.0-1004.6","5.4.0-1005.7","5.4.0-1006.8","5.4.0-1009.11","5.4.0-1010.12","5.4.0-1011.13","5.4.0-1012.14","5.4.0-1013.15","5.4.0-1014.16","5.4.0-1017.18","5.4.0-1018.19","5.4.0-1019.20","5.4.0-1021.22","5.4.0-1022.23","5.4.0-1023.24","5.4.0-1024.25"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_name":"linux-buildinfo-5.4.0-1025-iot","binary_version":"5.4.0-1025.26"},{"binary_name":"linux-headers-5.4.0-1025-iot","binary_version":"5.4.0-1025.26"},{"binary_name":"linux-image-5.4.0-1025-iot","binary_version":"5.4.0-1025.26"},{"binary_name":"linux-image-unsigned-5.4.0-1025-iot","binary_version":"5.4.0-1025.26"},{"binary_name":"linux-iot-headers-5.4.0-1025","binary_version":"5.4.0-1025.26"},{"binary_name":"linux-iot-tools-5.4.0-1025","binary_version":"5.4.0-1025.26"},{"binary_name":"linux-iot-tools-common","binary_version":"5.4.0-1025.26"},{"binary_name":"linux-modules-5.4.0-1025-iot","binary_version":"5.4.0-1025.26"},{"binary_name":"linux-tools-5.4.0-1025-iot","binary_version":"5.4.0-1025.26"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6462-2.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-0597"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-3772"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2023-4132"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2023-31083"}]}}}],"schema_version":"1.7.3"}