ID

VAR-202307-0874


CVE

CVE-2023-21400


TITLE

Vulnerability related to resource locking in Google Android and products from multiple vendors

Trust: 0.8

sources: JVNDB: JVNDB-2023-021902

DESCRIPTION

In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

Google Android and products from multiple vendors, such as Microsoft, contain vulnerabilities related to resource locking. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Google Pixel is a smartphone made by Google.

Debian Security Advisory DSA-5480-1 / security@debian.org
https://www.debian.org/security/ / Salvatore Bonaccorso
August 18, 2023 / https://www.debian.org/security/faq

Package : linux

CVE ID : CVE-2022-4269 CVE-2022-39189 CVE-2023-1206 CVE-2023-1380 CVE-2023-2002 CVE-2023-2007 CVE-2023-2124 CVE-2023-2269 CVE-2023-2898 CVE-2023-3090 CVE-2023-3111 CVE-2023-3212 CVE-2023-3268 CVE-2023-3338 CVE-2023-3389 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-3863 CVE-2023-4004 CVE-2023-4128 CVE-2023-4132 CVE-2023-4147 CVE-2023-4194 CVE-2023-4273 CVE-2023-20588 CVE-2023-21255 CVE-2023-21400 CVE-2023-31084 CVE-2023-34319 CVE-2023-35788 CVE-2023-40283

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2023-1206: It was discovered that the networking stack permits attackers to force hash collisions in the IPv6 connection lookup table, which may result in denial of service (significant increase in the cost of lookups, increased CPU utilization).

CVE-2023-1380: Jisoo Jang reported a heap out-of-bounds read in the brcmfmac Wi-Fi driver.

CVE-2023-2007: Lucas Leong and Reno Robert discovered a time-of-check-to-time-of-use flaw in the dpt_i2o SCSI controller driver. This flaw has been mitigated by removing support for the I2OUSRCMD operation.

CVE-2023-2124: Kyle Zeng, Akshay Ajayan and Fish Wang discovered that missing metadata validation may result in denial of service or potential privilege escalation if a corrupted XFS disk image is mounted.

CVE-2023-2898: It was discovered that missing sanitising in the f2fs file system may result in denial of service if a malformed file system is accessed.

CVE-2023-3111: The TOTE Robot tool found a flaw in the Btrfs filesystem driver that can lead to a use-after-free.

CVE-2023-3212: Yang Lan discovered that missing validation in the GFS2 filesystem could result in denial of service via a NULL pointer dereference when mounting a malformed GFS2 filesystem. This flaw has been mitigated by removing the DECnet protocol implementation.

CVE-2023-3389: Querijn Voet discovered a use-after-free in the io_uring subsystem, which may result in denial of service or privilege escalation.

CVE-2023-4004: It was discovered that a use-after-free in Netfilter's implementation of PIPAPO (PIle PAcket POlicies) may result in denial of service or potential local privilege escalation for a user with the CAP_NET_ADMIN capability in any user or network namespace.

CVE-2023-4194: A type confusion in the implementation of TUN/TAP network devices may allow a local user to bypass network filters.

CVE-2023-4273: Maxim Suhanov discovered a stack overflow in the exFAT driver, which may result in local denial of service via a malformed file system.

CVE-2023-20588: Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Koepf and Oleksii Oleksenko discovered that on some AMD CPUs with the Zen1 micro architecture an integer division by zero may leave stale quotient data from a previous division, resulting in a potential leak of sensitive data.

CVE-2023-21255: A use-after-free was discovered in the Android binder driver, which may result in local privilege escalation on systems where the binder driver is loaded.

CVE-2023-34319: Ross Lagerwall discovered a buffer overrun in Xen's netback driver which may allow a Xen guest to cause denial of service to the virtualisation host by sending malformed packets.

CVE-2023-40283: A use-after-free was discovered in Bluetooth L2CAP socket handling.

For the oldstable distribution (bullseye), these problems have been fixed in version 5.10.191-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
Ubuntu Security Notice USN-6332-1
August 31, 2023

linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:

- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems

Details:

Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. (CVE-2022-40982)

William Zhao discovered that the Traffic Control (TC) subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2022-4269)

It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2022-48502)

Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information (kernel memory) or in conjunction with another kernel vulnerability. (CVE-2023-0597)

It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1611)

It was discovered that the APM X-Gene SoC hardware monitoring driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-1855)

It was discovered that the ST NCI NFC driver did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2023-1990)

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002)

Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. (CVE-2023-20593)

It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service (system crash). (CVE-2023-2124)

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux kernel did not properly handle locking for rings with IOPOLL, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-21400)

Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski discovered that the BPF verifier in the Linux kernel did not properly mark registers for precision tracking in certain situations, leading to an out-of-bounds access vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2163)

It was discovered that the SLIMpro I2C device driver in the Linux kernel did not properly validate user-supplied data in some situations, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2194)

It was discovered that the perf subsystem in the Linux kernel contained a use-after-free vulnerability. A privileged local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-2235)

Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear() operations. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2023-2269)

It was discovered that the ARM Mali Display Processor driver implementation in the Linux kernel did not properly handle certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-23004)

It was discovered that a race condition existed in the TLS subsystem in the Linux kernel, leading to a use-after-free or a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that the DA9150 charger driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-30772)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in the Linux kernel contained a race condition during module unload, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3141)

Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly validate pointers in some situations, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-32248)

It was discovered that the kernel->user space relay implementation in the Linux kernel did not properly perform certain buffer calculations, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2023-3268)

It was discovered that the Qualcomm EMAC ethernet driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-33203)

It was discovered that the BQ24190 charger driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-33288)

It was discovered that the video4linux driver for Philips based TV cards in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35823)

It was discovered that the SDMC DM1105 PCI device driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35824)

It was discovered that the Renesas USB controller driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35828)

It was discovered that the Rockchip Video Decoder IP driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35829)

It was discovered that the universal 32bit network packet classifier implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3609)

It was discovered that the netfilter subsystem in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3610)

It was discovered that the Quick Fair Queueing network scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3611)

It was discovered that the network packet classifier with netfilter/firewall marks implementation in the Linux kernel did not properly handle reference counting, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-3776)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle table rules flush in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3777)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle rule additions to bound chains in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-3995)

It was discovered that the netfilter subsystem in the Linux kernel did not properly handle PIPAPO element removal, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-4004)

Kevin Rich discovered that the netfilter subsystem in the Linux kernel did not properly handle bound chain deactivation in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-4015)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  linux-image-5.15.0-1045-azure 5.15.0-1045.52
  linux-image-5.15.0-1045-azure-fde 5.15.0-1045.52.1
  linux-image-azure-fde-lts-22.04 5.15.0.1045.52.23
  linux-image-azure-lts-22.04 5.15.0.1045.41

Ubuntu 20.04 LTS:
  linux-image-5.15.0-1045-azure 5.15.0-1045.52~20.04.1
  linux-image-azure 5.15.0.1045.52~20.04.34
  linux-image-azure-cvm 5.15.0.1045.52~20.04.34

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:

https://ubuntu.com/security/notices/USN-6332-1

CVE-2022-40982, CVE-2022-4269, CVE-2022-48502, CVE-2023-0597, CVE-2023-1611, CVE-2023-1855, CVE-2023-1990, CVE-2023-2002, CVE-2023-20593, CVE-2023-2124, CVE-2023-21400, CVE-2023-2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2269, CVE-2023-23004, CVE-2023-28466, CVE-2023-30772, CVE-2023-3141, CVE-2023-32248, CVE-2023-3268, CVE-2023-33203, CVE-2023-33288, CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE-2023-35829, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3776, CVE-2023-3777, CVE-2023-3995, CVE-2023-4004, CVE-2023-4015

Package Information:

https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1045.52
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1045.52.1
https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1045.52~20.04.1

Livepatches for supported HWE kernels which are not based on an LTS kernel version will receive upgrades for a period of up to 9 months after the build date of the kernel, or until the end of support for that kernel’s non-LTS distro release version, whichever is sooner.

Trust: 2.88

sources: NVD: CVE-2023-21400 // JVNDB: JVNDB-2023-021902 // CNVD: CNVD-2023-65161 // VULMON: CVE-2023-21400 // PACKETSTORM: 174246 // PACKETSTORM: 174401 // PACKETSTORM: 174453 // PACKETSTORM: 174433 // PACKETSTORM: 175072 // PACKETSTORM: 174449 // PACKETSTORM: 174534

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-65161

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: -

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 11.0

Trust: 1.0

vendor: debian, model: gnu/linux, scope: -, version: -

Trust: 0.8

vendor: google, model: android, scope: -, version: -

Trust: 0.8

vendor: google, model: pixel, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2023-65161 // JVNDB: JVNDB-2023-021902 // NVD: CVE-2023-21400

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-21400
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-21400
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-65161
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202307-1159
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2023-65161
severity: MEDIUM
baseScore: 6.5
vectorString: AV:L/AC:L/AU:M/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-21400
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-21400
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-65161 // JVNDB: JVNDB-2023-021902 // CNNVD: CNNVD-202307-1159 // NVD: CVE-2023-21400

PROBLEMTYPE DATA

problemtype:CWE-667

Trust: 1.0

problemtype: improper lock (CWE-667) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-021902 // NVD: CVE-2023-21400

THREAT TYPE

local

Trust: 1.2

sources: PACKETSTORM: 174401 // PACKETSTORM: 174453 // PACKETSTORM: 174433 // PACKETSTORM: 175072 // PACKETSTORM: 174449 // PACKETSTORM: 174534 // CNNVD: CNNVD-202307-1159

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202307-1159

PATCH

title: Patch for Google Pixel Privilege Escalation Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/442931

Trust: 0.6

title: Google Pixel Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=246885

Trust: 0.6

sources: CNVD: CNVD-2023-65161 // CNNVD: CNNVD-202307-1159

EXTERNAL IDS

db: NVD, id: CVE-2023-21400

Trust: 4.6

db: OPENWALL, id: OSS-SECURITY/2023/07/14/2

Trust: 2.5

db: OPENWALL, id: OSS-SECURITY/2023/07/19/7

Trust: 2.4

db: OPENWALL, id: OSS-SECURITY/2023/07/19/2

Trust: 2.4

db: PACKETSTORM, id: 175072

Trust: 1.9

db: OPENWALL, id: OSS-SECURITY/2023/07/25/7

Trust: 1.8

db: JVNDB, id: JVNDB-2023-021902

Trust: 0.8

db: CNVD, id: CNVD-2023-65161

Trust: 0.6

db: CNNVD, id: CNNVD-202307-1159

Trust: 0.6

db: VULMON, id: CVE-2023-21400

Trust: 0.1

db: PACKETSTORM, id: 174246

Trust: 0.1

db: PACKETSTORM, id: 174401

Trust: 0.1

db: PACKETSTORM, id: 174453

Trust: 0.1

db: PACKETSTORM, id: 174433

Trust: 0.1

db: PACKETSTORM, id: 174449

Trust: 0.1

db: PACKETSTORM, id: 174534

Trust: 0.1

sources: CNVD: CNVD-2023-65161 // VULMON: CVE-2023-21400 // JVNDB: JVNDB-2023-021902 // PACKETSTORM: 174246 // PACKETSTORM: 174401 // PACKETSTORM: 174453 // PACKETSTORM: 174433 // PACKETSTORM: 175072 // PACKETSTORM: 174449 // PACKETSTORM: 174534 // CNNVD: CNNVD-202307-1159 // NVD: CVE-2023-21400

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2023-21400

Trust: 2.7

url:https://source.android.com/security/bulletin/pixel/2023-07-01

Trust: 2.5

url:http://www.openwall.com/lists/oss-security/2023/07/14/2

Trust: 2.5

url:http://www.openwall.com/lists/oss-security/2023/07/19/2

Trust: 2.4

url:http://www.openwall.com/lists/oss-security/2023/07/19/7

Trust: 2.4

url:http://packetstormsecurity.com/files/175072/kernel-live-patch-security-notice-lsn-0098-1.html

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2023/07/25/7

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html

Trust: 1.8

url:https://www.debian.org/security/2023/dsa-5480

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20240119-0012/

Trust: 1.0

url:https://cxsecurity.com/cveshow/cve-2023-21400/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2023-3995

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-3777

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-20593

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-4004

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-40982

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-3609

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-3776

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-4015

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2023-3610

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2023-3611

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-4269

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-3090

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-2124

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2023-2002

Trust: 0.2

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-21255

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1380

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-39189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-31084

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2007

Trust: 0.1

url:https://security-tracker.debian.org/tracker/linux

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2269

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-20588

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1041.47~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1040.48

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6315-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1040.45

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1026.31

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1043.48~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1043.48

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1031.31

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1041.47

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-82.91~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-82.91

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.15.0-82.91

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1040.45

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1036.39

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-82.91~20.04.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6332-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1045.52~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1045.52.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-0597

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2194

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-48502

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1045.52

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2235

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1611

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-2163

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-1855

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6325-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1026.31~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1038.43

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-40283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-3567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-4128

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6330-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1040.48~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1036.39

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6348-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1038.43~20.04.1

Trust: 0.1

sources: CNVD: CNVD-2023-65161 // VULMON: CVE-2023-21400 // JVNDB: JVNDB-2023-021902 // PACKETSTORM: 174246 // PACKETSTORM: 174401 // PACKETSTORM: 174453 // PACKETSTORM: 174433 // PACKETSTORM: 175072 // PACKETSTORM: 174449 // PACKETSTORM: 174534 // CNNVD: CNNVD-202307-1159 // NVD: CVE-2023-21400

CREDITS

Ubuntu

Trust: 0.5

sources: PACKETSTORM: 174401 // PACKETSTORM: 174453 // PACKETSTORM: 174433 // PACKETSTORM: 174449 // PACKETSTORM: 174534

SOURCES

db: CNVD, id: CNVD-2023-65161
db: VULMON, id: CVE-2023-21400
db: JVNDB, id: JVNDB-2023-021902
db: PACKETSTORM, id: 174246
db: PACKETSTORM, id: 174401
db: PACKETSTORM, id: 174453
db: PACKETSTORM, id: 174433
db: PACKETSTORM, id: 175072
db: PACKETSTORM, id: 174449
db: PACKETSTORM, id: 174534
db: CNNVD, id: CNNVD-202307-1159
db: NVD, id: CVE-2023-21400

LAST UPDATE DATE

2024-08-14T12:37:17.595000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-65161, date: 2023-08-28T00:00:00
db: VULMON, id: CVE-2023-21400, date: 2023-07-14T00:00:00
db: JVNDB, id: JVNDB-2023-021902, date: 2024-01-19T08:13:00
db: CNNVD, id: CNNVD-202307-1159, date: 2023-07-21T00:00:00
db: NVD, id: CVE-2023-21400, date: 2024-01-19T16:15:08.817

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-65161, date: 2023-07-27T00:00:00
db: VULMON, id: CVE-2023-21400, date: 2023-07-13T00:00:00
db: JVNDB, id: JVNDB-2023-021902, date: 2024-01-19T00:00:00
db: PACKETSTORM, id: 174246, date: 2023-08-21T16:25:52
db: PACKETSTORM, id: 174401, date: 2023-08-30T15:24:17
db: PACKETSTORM, id: 174453, date: 2023-09-02T13:17:45
db: PACKETSTORM, id: 174433, date: 2023-08-31T15:25:45
db: PACKETSTORM, id: 175072, date: 2023-10-11T16:48:43
db: PACKETSTORM, id: 174449, date: 2023-09-02T13:08:20
db: PACKETSTORM, id: 174534, date: 2023-09-06T17:15:58
db: CNNVD, id: CNNVD-202307-1159, date: 2023-07-12T00:00:00
db: NVD, id: CVE-2023-21400, date: 2023-07-13T00:15:24.340