{"id":"USN-6357-1","summary":"linux-ibm, linux-ibm-5.4 vulnerabilities","details":"Daniel Moghimi discovered that some Intel(R) Processors did not properly\nclear microarchitectural state after speculative execution of various\ninstructions. A local unprivileged user could use this to obtain to\nsensitive information. (CVE-2022-40982)\n\nRuihan Li discovered that the bluetooth subsystem in the Linux kernel did\nnot properly perform permissions checks when handling HCI sockets. A\nphysically proximate attacker could use this to cause a denial of service\n(bluetooth communication). (CVE-2023-2002)\n\nTavis Ormandy discovered that some AMD processors did not properly handle\nspeculative execution of certain vector register instructions. A local\nattacker could use this to expose sensitive information. (CVE-2023-20593)\n\nZi Fan Tan discovered that the binder IPC implementation in the Linux\nkernel contained a use-after-free vulnerability. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2023-21255)\n\nJuan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski\ndiscovered that the BPF verifier in the Linux kernel did not properly mark\nregisters for precision tracking in certain situations, leading to an out-\nof-bounds access vulnerability. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2023-2163)\n\nZheng Zhang discovered that the device-mapper implementation in the Linux\nkernel did not properly handle locking during table_clear() operations. A\nlocal attacker could use this to cause a denial of service (kernel\ndeadlock). (CVE-2023-2269)\n\nIt was discovered that the DVB Core driver in the Linux kernel did not\nproperly handle locking events in certain situations. A local attacker\ncould use this to cause a denial of service (kernel deadlock).\n(CVE-2023-31084)\n\nIt was discovered that the kernel-\u003euser space relay implementation in the\nLinux kernel did not properly perform certain buffer calculations, leading\nto an out-of-bounds read vulnerability. A local attacker could use this to\ncause a denial of service (system crash) or expose sensitive information\n(kernel memory). (CVE-2023-3268)\n\nIt was discovered that the video4linux driver for Philips based TV cards in\nthe Linux kernel contained a race condition during device removal, leading\nto a use-after-free vulnerability. A physically proximate attacker could\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2023-35823)\n\nIt was discovered that the SDMC DM1105 PCI device driver in the Linux\nkernel contained a race condition during device removal, leading to a use-\nafter-free vulnerability. A physically proximate attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2023-35824)\n\nIt was discovered that the Renesas USB controller driver in the Linux\nkernel contained a race condition during device removal, leading to a use-\nafter-free vulnerability. A privileged attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2023-35828)\n\nIt was discovered that the universal 32bit network packet classifier\nimplementation in the Linux kernel did not properly perform reference\ncounting in some situations, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2023-3609)\n\nIt was discovered that the Quick Fair Queueing network scheduler\nimplementation in the Linux kernel contained an out-of-bounds write\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-3611)\n\nIt was discovered that the network packet classifier with\nnetfilter/firewall marks implementation in the Linux kernel did not\nproperly handle reference counting, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-3776)\n\n","modified":"2026-04-27T16:51:36.051198Z","published":"2023-09-11T14:24:02Z","related":["UBUNTU-CVE-2022-40982","UBUNTU-CVE-2023-2002","UBUNTU-CVE-2023-20593","UBUNTU-CVE-2023-21255","UBUNTU-CVE-2023-2163","UBUNTU-CVE-2023-2269","UBUNTU-CVE-2023-31084","UBUNTU-CVE-2023-3268","UBUNTU-CVE-2023-35823","UBUNTU-CVE-2023-35824","UBUNTU-CVE-2023-35828","UBUNTU-CVE-2023-3609","UBUNTU-CVE-2023-3611","UBUNTU-CVE-2023-3776"],"upstream":["CVE-2022-40982","CVE-2023-2002","CVE-2023-20593","CVE-2023-21255","CVE-2023-2163","CVE-2023-2269","CVE-2023-31084","CVE-2023-3268","CVE-2023-35823","CVE-2023-35824","CVE-2023-35828","CVE-2023-3609","CVE-2023-3611","CVE-2023-3776","UBUNTU-CVE-2022-40982","UBUNTU-CVE-2023-2002","UBUNTU-CVE-2023-20593","UBUNTU-CVE-2023-21255","UBUNTU-CVE-2023-2163","UBUNTU-CVE-2023-2269","UBUNTU-CVE-2023-31084","UBUNTU-CVE-2023-3268","UBUNTU-CVE-2023-35823","UBUNTU-CVE-2023-35824","UBUNTU-CVE-2023-35828","UBUNTU-CVE-2023-3609","UBUNTU-CVE-2023-3611","UBUNTU-CVE-2023-3776"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6357-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-40982"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-2002"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-2163"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-2269"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-3268"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-3609"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-3611"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-3776"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-20593"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-21255"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-31084"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-35823"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-35824"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-35828"}],"affected":[{"package":{"name":"linux-ibm-5.4","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/linux-ibm-5.4@5.4.0-1056.61~18.04.1?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1056.61~18.04.1"}]}],"versions":["5.4.0-1010.11~18.04.2","5.4.0-1012.13~18.04.1","5.4.0-1014.15~18.04.1","5.4.0-1015.16~18.04.1","5.4.0-1017.19~18.04.1","5.4.0-1018.20~18.04.1","5.4.0-1019.21~18.04.1","5.4.0-1020.22~18.04.1","5.4.0-1021.23~18.04.1","5.4.0-1023.25~18.04.1","5.4.0-1026.29~18.04.1","5.4.0-1028.32~18.04.1","5.4.0-1029.33~18.04.1","5.4.0-1031.35~18.04.1","5.4.0-1032.36~18.04.1","5.4.0-1033.37~18.04.1","5.4.0-1034.38~18.04.1","5.4.0-1036.41~18.04.1","5.4.0-1037.42~18.04.1","5.4.0-1040.45~18.04.2","5.4.0-1041.46~18.04.1","5.4.0-1042.47~18.04.1","5.4.0-1044.49~18.04.1","5.4.0-1045.50~18.04.1","5.4.0-1046.51~18.04.1","5.4.0-1047.52~18.04.1","5.4.0-1048.53~18.04.1","5.4.0-1049.54~18.04.1","5.4.0-1050.55~18.04.1","5.4.0-1051.56~18.04.1","5.4.0-1052.57~18.04.1","5.4.0-1053.58~18.04.1","5.4.0-1054.59~18.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-buildinfo-5.4.0-1056-ibm"},{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-headers-5.4.0-1056-ibm"},{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-ibm-5.4-cloud-tools-common"},{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-ibm-5.4-headers-5.4.0-1056"},{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-ibm-5.4-source-5.4.0"},{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-ibm-5.4-tools-5.4.0-1056"},{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-ibm-5.4-tools-common"},{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-image-unsigned-5.4.0-1056-ibm"},{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-modules-5.4.0-1056-ibm"},{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-modules-extra-5.4.0-1056-ibm"},{"binary_version":"5.4.0-1056.61~18.04.1","binary_name":"linux-tools-5.4.0-1056-ibm"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6357-1.json","cves_map":{"cves":[{"id":"CVE-2022-40982","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-2002","severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-2163","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-2269","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-3268","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-3609","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-3611","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-3776","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-20593","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-21255","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-31084","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-35823","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-35824","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-35828","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"linux-ibm","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-ibm@5.4.0-1056.61?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1056.61"}]}],"versions":["5.4.0-1003.4","5.4.0-1004.5","5.4.0-1005.6","5.4.0-1006.7","5.4.0-1007.8","5.4.0-1008.9","5.4.0-1010.11","5.4.0-1012.13","5.4.0-1013.14","5.4.0-1014.15","5.4.0-1015.16","5.4.0-1017.19","5.4.0-1018.20","5.4.0-1019.21","5.4.0-1020.22","5.4.0-1021.23","5.4.0-1023.25","5.4.0-1026.29","5.4.0-1028.32","5.4.0-1029.33","5.4.0-1031.35","5.4.0-1032.36","5.4.0-1033.37","5.4.0-1034.38","5.4.0-1036.41","5.4.0-1037.42","5.4.0-1040.45","5.4.0-1041.46","5.4.0-1042.47","5.4.0-1044.49","5.4.0-1045.50","5.4.0-1046.51","5.4.0-1047.52","5.4.0-1048.53","5.4.0-1049.54","5.4.0-1050.55","5.4.0-1051.56","5.4.0-1052.57","5.4.0-1053.58","5.4.0-1054.59"],"ecosystem_specific":{"binaries":[{"binary_version":"5.4.0-1056.61","binary_name":"linux-buildinfo-5.4.0-1056-ibm"},{"binary_version":"5.4.0-1056.61","binary_name":"linux-headers-5.4.0-1056-ibm"},{"binary_version":"5.4.0-1056.61","binary_name":"linux-ibm-cloud-tools-common"},{"binary_version":"5.4.0-1056.61","binary_name":"linux-ibm-headers-5.4.0-1056"},{"binary_version":"5.4.0-1056.61","binary_name":"linux-ibm-source-5.4.0"},{"binary_version":"5.4.0-1056.61","binary_name":"linux-ibm-tools-5.4.0-1056"},{"binary_version":"5.4.0-1056.61","binary_name":"linux-ibm-tools-common"},{"binary_version":"5.4.0-1056.61","binary_name":"linux-image-unsigned-5.4.0-1056-ibm"},{"binary_version":"5.4.0-1056.61","binary_name":"linux-modules-5.4.0-1056-ibm"},{"binary_version":"5.4.0-1056.61","binary_name":"linux-modules-extra-5.4.0-1056-ibm"},{"binary_version":"5.4.0-1056.61","binary_name":"linux-tools-5.4.0-1056-ibm"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6357-1.json","cves_map":{"cves":[{"id":"CVE-2022-40982","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-2002","severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-2163","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-2269","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-3268","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-3609","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-3611","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-3776","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-20593","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-21255","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-31084","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-35823","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-35824","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2023-35828","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:20.04:LTS"}}}],"schema_version":"1.7.5"}