{"id":"USN-6461-1","summary":"linux-oem-6.1 vulnerabilities","details":"Yu Hao discovered that the UBI driver in the Linux kernel did not properly\ncheck for MTD with zero erasesize during device attachment. A local\nprivileged attacker could use this to cause a denial of service (system\ncrash). (CVE-2023-31085)\n\nMarek Marczykowski-Górecki discovered that the Xen event channel\ninfrastructure implementation in the Linux kernel contained a race\ncondition. An attacker in a guest VM could possibly use this to cause a\ndenial of service (paravirtualized device unavailability). (CVE-2023-34324)\n\nLucas Leong discovered that the netfilter subsystem in the Linux kernel did\nnot properly validate some attributes passed from userspace. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly expose sensitive information (kernel memory). (CVE-2023-39189)\n\nBien Pham discovered that the netfiler subsystem in the Linux kernel\ncontained a race condition, leading to a use-after-free vulnerability. A\nlocal user could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2023-4244)\n\nKyle Zeng discovered that the IPv4 implementation in the Linux kernel did\nnot properly handle socket buffers (skb) when performing IP routing in\ncertain circumstances, leading to a null pointer dereference vulnerability.\nA privileged attacker could use this to cause a denial of service (system\ncrash). (CVE-2023-42754)\n\nIt was discovered that the Quick Fair Queueing scheduler implementation in\nthe Linux kernel did not properly handle network packets in certain\nconditions, leading to a use after free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2023-4921)\n\nIt was discovered that the SMB network file sharing protocol implementation\nin the Linux kernel did not properly handle certain error conditions,\nleading to a use-after-free vulnerability. A local attacker could use this\nto cause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2023-5345)\n\n","modified":"2026-02-10T04:43:24Z","published":"2023-10-31T12:51:27Z","related":["UBUNTU-CVE-2023-31085","UBUNTU-CVE-2023-34324","UBUNTU-CVE-2023-39189","UBUNTU-CVE-2023-4244","UBUNTU-CVE-2023-42754","UBUNTU-CVE-2023-4921","UBUNTU-CVE-2023-5345"],"upstream":["CVE-2023-31085","CVE-2023-34324","CVE-2023-39189","CVE-2023-4244","CVE-2023-42754","CVE-2023-4921","CVE-2023-5345","UBUNTU-CVE-2023-31085","UBUNTU-CVE-2023-34324","UBUNTU-CVE-2023-39189","UBUNTU-CVE-2023-4244","UBUNTU-CVE-2023-42754","UBUNTU-CVE-2023-4921","UBUNTU-CVE-2023-5345"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6461-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-4244"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-4921"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-5345"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-31085"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-34324"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-39189"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-42754"}],"affected":[{"package":{"name":"linux-oem-6.1","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/linux-oem-6.1@6.1.0-1025.25?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.0-1025.25"}]}],"versions":["6.1.0-1004.4","6.1.0-1006.6","6.1.0-1007.7","6.1.0-1008.8","6.1.0-1009.9","6.1.0-1010.10","6.1.0-1012.12","6.1.0-1013.13","6.1.0-1014.14","6.1.0-1015.15","6.1.0-1016.16","6.1.0-1017.17","6.1.0-1019.19","6.1.0-1020.20","6.1.0-1021.21","6.1.0-1022.22","6.1.0-1023.23","6.1.0-1024.24"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-buildinfo-6.1.0-1025-oem","binary_version":"6.1.0-1025.25"},{"binary_name":"linux-headers-6.1.0-1025-oem","binary_version":"6.1.0-1025.25"},{"binary_name":"linux-image-unsigned-6.1.0-1025-oem","binary_version":"6.1.0-1025.25"},{"binary_name":"linux-modules-6.1.0-1025-oem","binary_version":"6.1.0-1025.25"},{"binary_name":"linux-modules-ipu6-6.1.0-1025-oem","binary_version":"6.1.0-1025.25"},{"binary_name":"linux-modules-ivsc-6.1.0-1025-oem","binary_version":"6.1.0-1025.25"},{"binary_name":"linux-modules-iwlwifi-6.1.0-1025-oem","binary_version":"6.1.0-1025.25"},{"binary_name":"linux-oem-6.1-headers-6.1.0-1025","binary_version":"6.1.0-1025.25"},{"binary_name":"linux-oem-6.1-tools-6.1.0-1025","binary_version":"6.1.0-1025.25"},{"binary_name":"linux-oem-6.1-tools-host","binary_version":"6.1.0-1025.25"},{"binary_name":"linux-tools-6.1.0-1025-oem","binary_version":"6.1.0-1025.25"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6461-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2023-4244","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}]},{"id":"CVE-2023-4921","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}]},{"id":"CVE-2023-5345","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}]},{"id":"CVE-2023-31085","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2023-34324","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-39189","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-42754","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.3"}