ID

VAR-202307-0874

CVE

CVE-2023-21400

TITLE

Google  of  Android  Vulnerability related to resource locking in products from multiple vendors such as

DESCRIPTION

In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Google of Android Products from multiple vendors, such as Microsoft, contain vulnerabilities related to resource locking.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smart phone of Google (Google). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5480-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 18, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2022-4269 CVE-2022-39189 CVE-2023-1206 CVE-2023-1380 CVE-2023-2002 CVE-2023-2007 CVE-2023-2124 CVE-2023-2269 CVE-2023-2898 CVE-2023-3090 CVE-2023-3111 CVE-2023-3212 CVE-2023-3268 CVE-2023-3338 CVE-2023-3389 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3863 CVE-2023-4004 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-20588 CVE-2023-21255 CVE-2023-21400 CVE-2023-31084 CVE-2023-34319 CVE-2023-35788 CVE-2023-40283 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2023-1206 It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant increase in the cost of lookups, increased CPU utilization). CVE-2023-1380 Jisoo Jang reported a heap out-of-bounds read in the brcmfmac Wi-Fi driver. CVE-2023-2007 Lucas Leong and Reno Robert discovered a time-of-check-to-time-of- use flaw in the dpt_i2o SCSI controller driver. This flaw has been mitigated by removing support for the I2OUSRCMD operation. CVE-2023-2124 Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing metadata validation may result in denial of service or potential privilege escalation if a corrupted XFS disk image is mounted. CVE-2023-2898 It was discovered that missing sanitising in the f2fs file system may result in denial of service if a malformed file system is accessed. CVE-2023-3111 The TOTE Robot tool found a flaw in the Btrfs filesystem driver that can lead to a use-after-free. CVE-2023-3212 Yang Lan that missing validation in the GFS2 filesystem could result in denial of service via a NULL pointer dereference when mounting a malformed GFS2 filesystem. This flaw has been mitigated by removing the DECnet protocol implementation. CVE-2023-3389 Querijn Voet discovered a use-after-free in the io_uring subsystem, which may result in denial of service or privilege escalation. CVE-2023-4004 It was discovered that a use-after-free in Netfilter's implementation of PIPAPO (PIle PAcket POlicies) may result in denial of service or potential local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace. CVE-2023-4194 A type confusion in the implementation of TUN/TAP network devices may allow a local user to bypass network filters. CVE-2023-4273 Maxim Suhanov discovered a stack overflow in the exFAT driver, which may result in local denial of service via a malformed file system. CVE-2023-20588 Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1 micro architecture an integer division by zero may leave stale quotient data from a previous division, resulting in a potential leak of sensitive data. CVE-2023-21255 A use-after-free was discovered in the in the Android binder driver, which may result in local privilege escalation on systems where the binder driver is loaded. CVE-2023-34319 Ross Lagerwall discovered a buffer overrun in Xen's netback driver which may allow a Xen guest to cause denial of service to the virtualisation host my sending malformed packets. CVE-2023-40283 A use-after-free was discovered in Bluetooth L2CAP socket handling. For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.191-1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTfvC5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QmDBAAnjvIhfwWPmYeanAyC9Hwdx2L9ATqx235c5K4I9xOWCRR+1oiM3WIKDz1 jnFbRnCKEPMUeIMWaSwXj11OvjDIY31nnUqRzf/hoT8PQ6dHi1p/fpmjReLFL9sw FoYhyabKtkGMBUXF4dCz2Qn62yPGFDgupBMlK1BQ1kJvxZABaKG0PGTqqPX4iOla DkbNvwq2lLr0K6oYKp8Nu+tQ+1I6U8PI4EvAlYbybvo0WXvbZy9pOmBilJhBqYrC 6Ql1ndovBzDi3H8Qo+C8WJRdFcjP+dBOpW/lu9EcHbNmHG1cWLO8EexqvfoW8GAV qf0CEtULUwsn6pM5uW+SEgfsiETFPXbzQt+FxH2L2NGLhLmb73dIK074/Ids8lx4 V4tNh+pVTli+sTCB6uGaRQvM4uNTxm5mV9+saacM6vel6KvD/qRreCMCDhvk9CkS ETg3sJjbw/Hv83RwfqTlXicJh5KpA5JikrztMnHNAQKru93uSH6dOLpOd45/SeA8 KHw604LkeuzAiqFltE76HS1h/jDXO0Mfb0UvIH5N1tmgcr3qaRaFvZQ6sYy8NTHa 6N5pnfKJJXRuYe/aadjlC2xQmUMvU8HD39dqp6Z+XFjjzLmz5NN9rLHZKqaLSx6C IFId+FMkkKLeQFWylM+mA5WwiUTEx0JvREFPjtOjJ4RDHf3Mmws= =z/8h -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6332-1 August 31, 2023 linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems - linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems Details: Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. (CVE-2022-40982) William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269) It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-48502) Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information (kernel memory) or in conjunction with another kernel vulnerability. (CVE-2023-0597) It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611) It was discovered that the APM X-Gene SoC hardware monitoring driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-1855) It was discovered that the ST NCI NFC driver did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990) Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593) It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124) Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21400) Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski discovered that the BPF verifier in the Linux kernel did not properly mark registers for precision tracking in certain situations, leading to an out- of-bounds access vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2163) It was discovered that the SLIMpro I2C device driver in the Linux kernel did not properly validate user-supplied data in some situations, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2194) It was discovered that the perf subsystem in the Linux kernel contained a use-after-free vulnerability. A privileged local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2235) Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269) It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-23004) It was discovered that a race condition existed in the TLS subsystem in the Linux kernel, leading to a use-after-free or a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-28466) It was discovered that the DA9150 charger driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-30772) It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141) Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly validate pointers in some situations, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-32248) It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly perform certain buffer calculations, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-3268) It was discovered that the Qualcomm EMAC ethernet driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-33203) It was discovered that the BQ24190 charger driver in the Linux kernel did not properly handle device removal, leading to a user-after free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-33288) It was discovered that the video4linux driver for Philips based TV cards in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35823) It was discovered that the SDMC DM1105 PCI device driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35824) It was discovered that the Renesas USB controller driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35828) It was discovered that the Rockchip Video Decoder IP driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35829) It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3609) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3610) It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611) It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3777) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3995) It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-4004) Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle bound chain deactivation in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-4015) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: linux-image-5.15.0-1045-azure 5.15.0-1045.52 linux-image-5.15.0-1045-azure-fde 5.15.0-1045.52.1 linux-image-azure-fde-lts-22.04 5.15.0.1045.52.23 linux-image-azure-lts-22.04 5.15.0.1045.41 Ubuntu 20.04 LTS: linux-image-5.15.0-1045-azure 5.15.0-1045.52~20.04.1 linux-image-azure 5.15.0.1045.52~20.04.34 linux-image-azure-cvm 5.15.0.1045.52~20.04.34 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6332-1 CVE-2022-40982, CVE-2022-4269, CVE-2022-48502, CVE-2023-0597, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002, CVE-2023-20593, CVE-2023-2124, CVE-2023-21400, CVE-2023-2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2269, CVE-2023-23004, CVE-2023-28466, CVE-2023-30772, CVE-2023-3141, CVE-2023-32248, CVE-2023-3268, CVE-2023-33203, CVE-2023-33288, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE-2023-35829, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015 Package Information: https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1045.52 https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1045.52.1 https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1045.52~20.04.1 . Livepatches for supported HWE kernels which are not based on an LTS kernel version will receive upgrades for a period of up to 9 months after the build date of the kernel, or until the end of support for that kernel’s non-LTS distro release version, whichever is sooner

IOT TAXONOMY

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

other

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Ubuntu

SOURCES

LAST UPDATE DATE

2024-08-14T12:37:17.595000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE