1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-6454-4

[USN-6454-4] Linux kernel (StarFive) vulnerabilities

Severity High
Affected Packages 12
CVEs 4
Info Packages Vulnerabilities

Several security issues were fixed in the Linux kernel.

Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)

Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)

It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-5197)

Package Affected Version
pkg:deb/ubuntu/linux-tools-starfive?distro=mantic < 6.5.0.1003.5
pkg:deb/ubuntu/linux-tools-6.5.0-1003-starfive?distro=mantic < 6.5.0-1003.4
pkg:deb/ubuntu/linux-starfive?distro=mantic < 6.5.0.1003.5
pkg:deb/ubuntu/linux-starfive-tools-6.5.0-1003?distro=mantic < 6.5.0-1003.4
pkg:deb/ubuntu/linux-starfive-headers-6.5.0-1003?distro=mantic < 6.5.0-1003.4
pkg:deb/ubuntu/linux-modules-extra-6.5.0-1003-starfive?distro=mantic < 6.5.0-1003.4
pkg:deb/ubuntu/linux-modules-6.5.0-1003-starfive?distro=mantic < 6.5.0-1003.4
pkg:deb/ubuntu/linux-image-starfive?distro=mantic < 6.5.0.1003.5
pkg:deb/ubuntu/linux-image-6.5.0-1003-starfive?distro=mantic < 6.5.0-1003.4
pkg:deb/ubuntu/linux-headers-starfive?distro=mantic < 6.5.0.1003.5
pkg:deb/ubuntu/linux-headers-6.5.0-1003-starfive?distro=mantic < 6.5.0-1003.4
pkg:deb/ubuntu/linux-buildinfo-6.5.0-1003-starfive?distro=mantic < 6.5.0-1003.4
ID
USN-6454-4
Severity
high
Severity from
CVE-2023-4921
URL
https://ubuntu.com/security/notices/USN-6454-4
Published
2023-11-01T21:27:02
(10 months ago)
Modified
2023-11-01T21:27:02
(10 months ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/linux-tools-starfive?distro=mantic ubuntu linux-tools-starfive < 6.5.0.1003.5 mantic
Affected pkg:deb/ubuntu/linux-tools-6.5.0-1003-starfive?distro=mantic ubuntu linux-tools-6.5.0-1003-starfive < 6.5.0-1003.4 mantic
Affected pkg:deb/ubuntu/linux-starfive?distro=mantic ubuntu linux-starfive < 6.5.0.1003.5 mantic
Affected pkg:deb/ubuntu/linux-starfive-tools-6.5.0-1003?distro=mantic ubuntu linux-starfive-tools-6.5.0-1003 < 6.5.0-1003.4 mantic
Affected pkg:deb/ubuntu/linux-starfive-headers-6.5.0-1003?distro=mantic ubuntu linux-starfive-headers-6.5.0-1003 < 6.5.0-1003.4 mantic
Affected pkg:deb/ubuntu/linux-modules-extra-6.5.0-1003-starfive?distro=mantic ubuntu linux-modules-extra-6.5.0-1003-starfive < 6.5.0-1003.4 mantic
Affected pkg:deb/ubuntu/linux-modules-6.5.0-1003-starfive?distro=mantic ubuntu linux-modules-6.5.0-1003-starfive < 6.5.0-1003.4 mantic
Affected pkg:deb/ubuntu/linux-image-starfive?distro=mantic ubuntu linux-image-starfive < 6.5.0.1003.5 mantic
Affected pkg:deb/ubuntu/linux-image-6.5.0-1003-starfive?distro=mantic ubuntu linux-image-6.5.0-1003-starfive < 6.5.0-1003.4 mantic
Affected pkg:deb/ubuntu/linux-headers-starfive?distro=mantic ubuntu linux-headers-starfive < 6.5.0.1003.5 mantic
Affected pkg:deb/ubuntu/linux-headers-6.5.0-1003-starfive?distro=mantic ubuntu linux-headers-6.5.0-1003-starfive < 6.5.0-1003.4 mantic
Affected pkg:deb/ubuntu/linux-buildinfo-6.5.0-1003-starfive?distro=mantic ubuntu linux-buildinfo-6.5.0-1003-starfive < 6.5.0-1003.4 mantic
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date