1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-6396-3

[USN-6396-3] Linux kernel (Azure) vulnerabilities

Severity High
Affected Packages 19
CVEs 6
Info Packages Vulnerabilities

Several security issues were fixed in the Linux kernel.

It was discovered that some AMD x86-64 processors with SMT enabled could
speculatively execute instructions using a return address from a sibling
thread. A local attacker could possibly use this to expose sensitive
information. (CVE-2022-27672)

Daniel Moghimi discovered that some Intel(R) Processors did not properly
clear microarchitectural state after speculative execution of various
instructions. A local unprivileged user could use this to obtain to
sensitive information. (CVE-2022-40982)

Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)

It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)

It was discovered that the bluetooth subsystem in the Linux kernel did not
properly handle L2CAP socket release, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-40283)

It was discovered that some network classifier implementations in the Linux
kernel contained use-after-free vulnerabilities. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-4128)

Package Affected Version
pkg:deb/ubuntu/linux-tools-azure?distro=trusty < 4.15.0.1170.136
pkg:deb/ubuntu/linux-tools-4.15.0-1170-azure?distro=trusty < 4.15.0-1170.185~14.04.1
pkg:deb/ubuntu/linux-signed-image-azure?distro=trusty < 4.15.0.1170.136
pkg:deb/ubuntu/linux-signed-azure?distro=trusty < 4.15.0.1170.136
pkg:deb/ubuntu/linux-modules-extra-azure?distro=trusty < 4.15.0.1170.136
pkg:deb/ubuntu/linux-modules-extra-4.15.0-1170-azure?distro=trusty < 4.15.0-1170.185~14.04.1
pkg:deb/ubuntu/linux-modules-4.15.0-1170-azure?distro=trusty < 4.15.0-1170.185~14.04.1
pkg:deb/ubuntu/linux-image-unsigned-4.15.0-1170-azure?distro=trusty < 4.15.0-1170.185~14.04.1
pkg:deb/ubuntu/linux-image-azure?distro=trusty < 4.15.0.1170.136
pkg:deb/ubuntu/linux-image-4.15.0-1170-azure?distro=trusty < 4.15.0-1170.185~14.04.1
pkg:deb/ubuntu/linux-headers-azure?distro=trusty < 4.15.0.1170.136
pkg:deb/ubuntu/linux-headers-4.15.0-1170-azure?distro=trusty < 4.15.0-1170.185~14.04.1
pkg:deb/ubuntu/linux-cloud-tools-azure?distro=trusty < 4.15.0.1170.136
pkg:deb/ubuntu/linux-cloud-tools-4.15.0-1170-azure?distro=trusty < 4.15.0-1170.185~14.04.1
pkg:deb/ubuntu/linux-buildinfo-4.15.0-1170-azure?distro=trusty < 4.15.0-1170.185~14.04.1
pkg:deb/ubuntu/linux-azure?distro=trusty < 4.15.0.1170.136
pkg:deb/ubuntu/linux-azure-tools-4.15.0-1170?distro=trusty < 4.15.0-1170.185~14.04.1
pkg:deb/ubuntu/linux-azure-headers-4.15.0-1170?distro=trusty < 4.15.0-1170.185~14.04.1
pkg:deb/ubuntu/linux-azure-cloud-tools-4.15.0-1170?distro=trusty < 4.15.0-1170.185~14.04.1
ID
USN-6396-3
Severity
high
Severity from
CVE-2023-40283
URL
https://ubuntu.com/security/notices/USN-6396-3
Published
2023-10-17T14:06:42
(11 months ago)
Modified
2023-10-17T14:06:42
(11 months ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/linux-tools-azure?distro=trusty ubuntu linux-tools-azure < 4.15.0.1170.136 trusty
Affected pkg:deb/ubuntu/linux-tools-4.15.0-1170-azure?distro=trusty ubuntu linux-tools-4.15.0-1170-azure < 4.15.0-1170.185~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-signed-image-azure?distro=trusty ubuntu linux-signed-image-azure < 4.15.0.1170.136 trusty
Affected pkg:deb/ubuntu/linux-signed-azure?distro=trusty ubuntu linux-signed-azure < 4.15.0.1170.136 trusty
Affected pkg:deb/ubuntu/linux-modules-extra-azure?distro=trusty ubuntu linux-modules-extra-azure < 4.15.0.1170.136 trusty
Affected pkg:deb/ubuntu/linux-modules-extra-4.15.0-1170-azure?distro=trusty ubuntu linux-modules-extra-4.15.0-1170-azure < 4.15.0-1170.185~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-modules-4.15.0-1170-azure?distro=trusty ubuntu linux-modules-4.15.0-1170-azure < 4.15.0-1170.185~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-image-unsigned-4.15.0-1170-azure?distro=trusty ubuntu linux-image-unsigned-4.15.0-1170-azure < 4.15.0-1170.185~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-image-azure?distro=trusty ubuntu linux-image-azure < 4.15.0.1170.136 trusty
Affected pkg:deb/ubuntu/linux-image-4.15.0-1170-azure?distro=trusty ubuntu linux-image-4.15.0-1170-azure < 4.15.0-1170.185~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-headers-azure?distro=trusty ubuntu linux-headers-azure < 4.15.0.1170.136 trusty
Affected pkg:deb/ubuntu/linux-headers-4.15.0-1170-azure?distro=trusty ubuntu linux-headers-4.15.0-1170-azure < 4.15.0-1170.185~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-cloud-tools-azure?distro=trusty ubuntu linux-cloud-tools-azure < 4.15.0.1170.136 trusty
Affected pkg:deb/ubuntu/linux-cloud-tools-4.15.0-1170-azure?distro=trusty ubuntu linux-cloud-tools-4.15.0-1170-azure < 4.15.0-1170.185~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-buildinfo-4.15.0-1170-azure?distro=trusty ubuntu linux-buildinfo-4.15.0-1170-azure < 4.15.0-1170.185~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-azure?distro=trusty ubuntu linux-azure < 4.15.0.1170.136 trusty
Affected pkg:deb/ubuntu/linux-azure-tools-4.15.0-1170?distro=trusty ubuntu linux-azure-tools-4.15.0-1170 < 4.15.0-1170.185~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-azure-headers-4.15.0-1170?distro=trusty ubuntu linux-azure-headers-4.15.0-1170 < 4.15.0-1170.185~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-azure-cloud-tools-4.15.0-1170?distro=trusty ubuntu linux-azure-cloud-tools-4.15.0-1170 < 4.15.0-1170.185~14.04.1 trusty
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date