[USN-6454-4] Linux kernel (StarFive) vulnerabilities
Several security issues were fixed in the Linux kernel.
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)
Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)
It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-5197)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/linux-tools-starfive?distro=mantic | < 6.5.0.1003.5 |
pkg:deb/ubuntu/linux-tools-6.5.0-1003-starfive?distro=mantic | < 6.5.0-1003.4 |
pkg:deb/ubuntu/linux-starfive?distro=mantic | < 6.5.0.1003.5 |
pkg:deb/ubuntu/linux-starfive-tools-6.5.0-1003?distro=mantic | < 6.5.0-1003.4 |
pkg:deb/ubuntu/linux-starfive-headers-6.5.0-1003?distro=mantic | < 6.5.0-1003.4 |
pkg:deb/ubuntu/linux-modules-extra-6.5.0-1003-starfive?distro=mantic | < 6.5.0-1003.4 |
pkg:deb/ubuntu/linux-modules-6.5.0-1003-starfive?distro=mantic | < 6.5.0-1003.4 |
pkg:deb/ubuntu/linux-image-starfive?distro=mantic | < 6.5.0.1003.5 |
pkg:deb/ubuntu/linux-image-6.5.0-1003-starfive?distro=mantic | < 6.5.0-1003.4 |
pkg:deb/ubuntu/linux-headers-starfive?distro=mantic | < 6.5.0.1003.5 |
pkg:deb/ubuntu/linux-headers-6.5.0-1003-starfive?distro=mantic | < 6.5.0-1003.4 |
pkg:deb/ubuntu/linux-buildinfo-6.5.0-1003-starfive?distro=mantic | < 6.5.0-1003.4 |
- ID
- USN-6454-4
- Severity
- high
- Severity from
- CVE-2023-4921
- URL
- https://ubuntu.com/security/notices/USN-6454-4
- Published
-
2023-11-01T21:27:02
(10 months ago) - Modified
-
2023-11-01T21:27:02
(10 months ago) - Other Advisories
-
- ALAS-2023-1838
- ALAS2-2023-2264
- ALSA-2024:0897
- DSA-5594-1
- ELSA-2023-13043
- ELSA-2024-0897
- ELSA-2024-12110
- ELSA-2024-12169
- ELSA-2024-1249
- ELSA-2024-12610
- ELSA-2024-12612
- ELSA-2024-1831
- ELSA-2024-2394
- FEDORA-2023-50bd7c9c12
- FEDORA-2023-830d9ec624
- FEDORA-2023-c3bb819677
- RHSA-2024:0876
- RHSA-2024:0881
- RHSA-2024:0897
- RHSA-2024:1249
- RHSA-2024:1323
- RHSA-2024:1332
- SSA:2023-325-01
- SUSE-SU-2023:3988-1
- SUSE-SU-2023:4030-1
- SUSE-SU-2023:4031-1
- SUSE-SU-2023:4032-1
- SUSE-SU-2023:4033-1
- SUSE-SU-2023:4035-1
- SUSE-SU-2023:4057-1
- SUSE-SU-2023:4058-1
- SUSE-SU-2023:4071-1
- SUSE-SU-2023:4072-1
- SUSE-SU-2023:4072-2
- SUSE-SU-2023:4093-1
- SUSE-SU-2023:4095-1
- SUSE-SU-2023:4142-1
- SUSE-SU-2023:4347-1
- SUSE-SU-2024:0469-1
- SUSE-SU-2024:0474-1
- SUSE-SU-2024:0478-1
- SUSE-SU-2024:0514-1
- SUSE-SU-2024:0515-1
- SUSE-SU-2024:0516-1
- SUSE-SU-2024:0622-1
- SUSE-SU-2024:0624-1
- SUSE-SU-2024:0655-1
- SUSE-SU-2024:0666-1
- SUSE-SU-2024:0685-1
- SUSE-SU-2024:0698-1
- SUSE-SU-2024:0727-1
- SUSE-SU-2024:0855-1
- SUSE-SU-2024:0858-1
- SUSE-SU-2024:0900-1
- SUSE-SU-2024:0900-2
- SUSE-SU-2024:0910-1
- SUSE-SU-2024:0977-1
- SUSE-SU-2024:1322-1
- SUSE-SU-2024:1466-1
- SUSE-SU-2024:1480-1
- SUSE-SU-2024:1490-1
- SUSE-SU-2024:1641-1
- SUSE-SU-2024:1643-1
- USN-6439-1
- USN-6439-2
- USN-6440-1
- USN-6440-2
- USN-6440-3
- USN-6441-1
- USN-6441-2
- USN-6441-3
- USN-6442-1
- USN-6443-1
- USN-6444-1
- USN-6444-2
- USN-6445-1
- USN-6445-2
- USN-6446-1
- USN-6446-2
- USN-6446-3
- USN-6454-1
- USN-6454-2
- USN-6454-3
- USN-6461-1
- USN-6466-1
- USN-6479-1
- USN-6699-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/linux-tools-starfive?distro=mantic | ubuntu | linux-tools-starfive | < 6.5.0.1003.5 | mantic | ||
Affected | pkg:deb/ubuntu/linux-tools-6.5.0-1003-starfive?distro=mantic | ubuntu | linux-tools-6.5.0-1003-starfive | < 6.5.0-1003.4 | mantic | ||
Affected | pkg:deb/ubuntu/linux-starfive?distro=mantic | ubuntu | linux-starfive | < 6.5.0.1003.5 | mantic | ||
Affected | pkg:deb/ubuntu/linux-starfive-tools-6.5.0-1003?distro=mantic | ubuntu | linux-starfive-tools-6.5.0-1003 | < 6.5.0-1003.4 | mantic | ||
Affected | pkg:deb/ubuntu/linux-starfive-headers-6.5.0-1003?distro=mantic | ubuntu | linux-starfive-headers-6.5.0-1003 | < 6.5.0-1003.4 | mantic | ||
Affected | pkg:deb/ubuntu/linux-modules-extra-6.5.0-1003-starfive?distro=mantic | ubuntu | linux-modules-extra-6.5.0-1003-starfive | < 6.5.0-1003.4 | mantic | ||
Affected | pkg:deb/ubuntu/linux-modules-6.5.0-1003-starfive?distro=mantic | ubuntu | linux-modules-6.5.0-1003-starfive | < 6.5.0-1003.4 | mantic | ||
Affected | pkg:deb/ubuntu/linux-image-starfive?distro=mantic | ubuntu | linux-image-starfive | < 6.5.0.1003.5 | mantic | ||
Affected | pkg:deb/ubuntu/linux-image-6.5.0-1003-starfive?distro=mantic | ubuntu | linux-image-6.5.0-1003-starfive | < 6.5.0-1003.4 | mantic | ||
Affected | pkg:deb/ubuntu/linux-headers-starfive?distro=mantic | ubuntu | linux-headers-starfive | < 6.5.0.1003.5 | mantic | ||
Affected | pkg:deb/ubuntu/linux-headers-6.5.0-1003-starfive?distro=mantic | ubuntu | linux-headers-6.5.0-1003-starfive | < 6.5.0-1003.4 | mantic | ||
Affected | pkg:deb/ubuntu/linux-buildinfo-6.5.0-1003-starfive?distro=mantic | ubuntu | linux-buildinfo-6.5.0-1003-starfive | < 6.5.0-1003.4 | mantic |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |