{"id":"USN-6495-2","summary":"linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop vulnerabilities","details":"Yu Hao discovered that the UBI driver in the Linux kernel did not properly\ncheck for MTD with zero erasesize during device attachment. A local\nprivileged attacker could use this to cause a denial of service (system\ncrash). (CVE-2023-31085)\n\nManfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb)\nEthernet driver in the Linux kernel did not properly validate received\nframes that are larger than the set MTU size, leading to a buffer overflow\nvulnerability. An attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-45871)\n","modified":"2026-02-10T04:43:26Z","published":"2023-11-30T17:38:29Z","related":["UBUNTU-CVE-2023-31085","UBUNTU-CVE-2023-45871"],"upstream":["CVE-2023-31085","CVE-2023-45871","UBUNTU-CVE-2023-31085","UBUNTU-CVE-2023-45871"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6495-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-31085"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-45871"}],"affected":[{"package":{"name":"linux-azure-5.4","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/linux-azure-5.4@5.4.0-1120.127~18.04.1?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1120.127~18.04.1"}]}],"versions":["5.4.0-1020.20~18.04.1","5.4.0-1022.22~18.04.1","5.4.0-1023.23~18.04.1","5.4.0-1025.25~18.04.1","5.4.0-1026.26~18.04.1","5.4.0-1031.32~18.04.1","5.4.0-1032.33~18.04.1","5.4.0-1034.35~18.04.1","5.4.0-1035.36~18.04.1","5.4.0-1036.38~18.04.1","5.4.0-1039.41~18.04.1","5.4.0-1040.42~18.04.1","5.4.0-1041.43~18.04.1","5.4.0-1043.45~18.04.1","5.4.0-1044.46~18.04.1","5.4.0-1046.48~18.04.1","5.4.0-1047.49~18.04.1","5.4.0-1048.50~18.04.1","5.4.0-1049.51~18.04.1","5.4.0-1051.53~18.04.1","5.4.0-1055.57~18.04.1","5.4.0-1056.58~18.04.1","5.4.0-1058.60~18.04.1","5.4.0-1059.62~18.04.1","5.4.0-1061.64~18.04.1","5.4.0-1062.65~18.04.1","5.4.0-1063.66~18.04.1","5.4.0-1064.67~18.04.1","5.4.0-1065.68~18.04.1","5.4.0-1067.70~18.04.1","5.4.0-1068.71~18.04.1","5.4.0-1069.72~18.04.1","5.4.0-1070.73~18.04.1","5.4.0-1072.75~18.04.1","5.4.0-1073.76~18.04.1","5.4.0-1074.77~18.04.1","5.4.0-1077.80~18.04.1","5.4.0-1078.81~18.04.1","5.4.0-1080.83~18.04.2","5.4.0-1083.87~18.04.1","5.4.0-1085.90~18.04.1","5.4.0-1086.91~18.04.1","5.4.0-1089.94~18.04.1","5.4.0-1090.95~18.04.1","5.4.0-1091.96~18.04.1","5.4.0-1094.100~18.04.1","5.4.0-1095.101~18.04.1","5.4.0-1098.104~18.04.2","5.4.0-1100.106~18.04.1","5.4.0-1101.107~18.04.1","5.4.0-1103.109~18.04.1","5.4.0-1104.110~18.04.1","5.4.0-1105.111~18.04.1","5.4.0-1106.112~18.04.1","5.4.0-1107.113~18.04.1","5.4.0-1108.114~18.04.1","5.4.0-1109.115~18.04.1","5.4.0-1110.116~18.04.1","5.4.0-1111.117~18.04.1","5.4.0-1112.118~18.04.1","5.4.0-1113.119~18.04.1","5.4.0-1115.122~18.04.1","5.4.0-1116.123~18.04.1","5.4.0-1117.124~18.04.1","5.4.0-1118.125~18.04.1","5.4.0-1119.126~18.04.2"],"ecosystem_specific":{"binaries":[{"binary_version":"5.4.0-1120.127~18.04.1","binary_name":"linux-azure-5.4-cloud-tools-5.4.0-1120"},{"binary_version":"5.4.0-1120.127~18.04.1","binary_name":"linux-azure-5.4-headers-5.4.0-1120"},{"binary_version":"5.4.0-1120.127~18.04.1","binary_name":"linux-azure-5.4-tools-5.4.0-1120"},{"binary_version":"5.4.0-1120.127~18.04.1","binary_name":"linux-buildinfo-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127~18.04.1","binary_name":"linux-cloud-tools-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127~18.04.1","binary_name":"linux-headers-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127~18.04.1","binary_name":"linux-image-unsigned-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127~18.04.1","binary_name":"linux-modules-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127~18.04.1","binary_name":"linux-modules-extra-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127~18.04.1","binary_name":"linux-tools-5.4.0-1120-azure"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-31085"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-45871"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6495-2.json"}},{"package":{"name":"linux-gcp-5.4","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/linux-gcp-5.4@5.4.0-1118.127~18.04.1?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1118.127~18.04.1"}]}],"versions":["5.4.0-1019.19~18.04.2","5.4.0-1021.21~18.04.1","5.4.0-1022.22~18.04.1","5.4.0-1024.24~18.04.1","5.4.0-1025.25~18.04.1","5.4.0-1028.29~18.04.1","5.4.0-1029.31~18.04.1","5.4.0-1030.32~18.04.1","5.4.0-1032.34~18.04.1","5.4.0-1033.35~18.04.1","5.4.0-1034.37~18.04.1","5.4.0-1036.39~18.04.1","5.4.0-1037.40~18.04.1","5.4.0-1038.41~18.04.1","5.4.0-1040.43~18.04.1","5.4.0-1041.44~18.04.1","5.4.0-1042.45~18.04.1","5.4.0-1043.46~18.04.1","5.4.0-1044.47~18.04.2","5.4.0-1046.49~18.04.1","5.4.0-1049.53~18.04.1","5.4.0-1051.55~18.04.1","5.4.0-1052.56~18.04.1","5.4.0-1053.57~18.04.1","5.4.0-1055.59~18.04.1","5.4.0-1056.60~18.04.1","5.4.0-1057.61~18.04.1","5.4.0-1058.62~18.04.1","5.4.0-1059.63~18.04.1","5.4.0-1060.64~18.04.1","5.4.0-1062.66~18.04.1","5.4.0-1063.67~18.04.1","5.4.0-1064.68~18.04.1","5.4.0-1065.69~18.04.1","5.4.0-1067.71~18.04.1","5.4.0-1068.72~18.04.1","5.4.0-1069.73~18.04.1","5.4.0-1072.77~18.04.1","5.4.0-1073.78~18.04.1","5.4.0-1075.80~18.04.1","5.4.0-1078.84~18.04.1","5.4.0-1080.87~18.04.1","5.4.0-1083.91~18.04.1","5.4.0-1084.92~18.04.1","5.4.0-1086.94~18.04.1","5.4.0-1087.95~18.04.1","5.4.0-1089.97~18.04.1","5.4.0-1092.101~18.04.1","5.4.0-1093.102~18.04.1","5.4.0-1096.105~18.04.2","5.4.0-1097.106~18.04.1","5.4.0-1098.107~18.04.1","5.4.0-1100.109~18.04.1","5.4.0-1101.110~18.04.1","5.4.0-1102.111~18.04.2","5.4.0-1103.112~18.04.1","5.4.0-1104.113~18.04.1","5.4.0-1105.114~18.04.1","5.4.0-1106.115~18.04.1","5.4.0-1107.116~18.04.1","5.4.0-1108.117~18.04.1","5.4.0-1109.118~18.04.1","5.4.0-1110.119~18.04.1","5.4.0-1111.120~18.04.1","5.4.0-1112.121~18.04.1","5.4.0-1113.122~18.04.1","5.4.0-1115.124~18.04.1","5.4.0-1116.125~18.04.1","5.4.0-1117.126~18.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.4.0-1118.127~18.04.1","binary_name":"linux-buildinfo-5.4.0-1118-gcp"},{"binary_version":"5.4.0-1118.127~18.04.1","binary_name":"linux-gcp-5.4-headers-5.4.0-1118"},{"binary_version":"5.4.0-1118.127~18.04.1","binary_name":"linux-gcp-5.4-tools-5.4.0-1118"},{"binary_version":"5.4.0-1118.127~18.04.1","binary_name":"linux-headers-5.4.0-1118-gcp"},{"binary_version":"5.4.0-1118.127~18.04.1","binary_name":"linux-image-unsigned-5.4.0-1118-gcp"},{"binary_version":"5.4.0-1118.127~18.04.1","binary_name":"linux-modules-5.4.0-1118-gcp"},{"binary_version":"5.4.0-1118.127~18.04.1","binary_name":"linux-modules-extra-5.4.0-1118-gcp"},{"binary_version":"5.4.0-1118.127~18.04.1","binary_name":"linux-tools-5.4.0-1118-gcp"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-31085"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-45871"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6495-2.json"}},{"package":{"name":"linux-azure","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-azure@5.4.0-1120.127?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1120.127"}]}],"versions":["5.3.0-1003.3","5.3.0-1008.9","5.3.0-1009.10","5.4.0-1006.6","5.4.0-1008.8","5.4.0-1009.9","5.4.0-1010.10","5.4.0-1012.12","5.4.0-1016.16","5.4.0-1019.19","5.4.0-1020.20","5.4.0-1022.22","5.4.0-1023.23","5.4.0-1025.25","5.4.0-1026.26","5.4.0-1031.32","5.4.0-1032.33","5.4.0-1034.35","5.4.0-1035.36","5.4.0-1036.38","5.4.0-1039.41","5.4.0-1040.42","5.4.0-1041.43","5.4.0-1043.45","5.4.0-1044.46","5.4.0-1046.48","5.4.0-1047.49","5.4.0-1048.50","5.4.0-1049.51","5.4.0-1051.53","5.4.0-1055.57","5.4.0-1056.58","5.4.0-1058.60","5.4.0-1059.62","5.4.0-1061.64","5.4.0-1062.65","5.4.0-1063.66","5.4.0-1064.67","5.4.0-1065.68","5.4.0-1067.70","5.4.0-1068.71","5.4.0-1069.72","5.4.0-1070.73","5.4.0-1072.75","5.4.0-1073.76","5.4.0-1074.77","5.4.0-1077.80","5.4.0-1078.81","5.4.0-1080.83","5.4.0-1083.87","5.4.0-1085.90","5.4.0-1086.91","5.4.0-1089.94","5.4.0-1090.95","5.4.0-1091.96","5.4.0-1094.100","5.4.0-1095.101","5.4.0-1098.104","5.4.0-1100.106","5.4.0-1101.107","5.4.0-1103.109","5.4.0-1104.110","5.4.0-1105.111","5.4.0-1106.112","5.4.0-1107.113","5.4.0-1108.114","5.4.0-1109.115","5.4.0-1110.116","5.4.0-1111.117","5.4.0-1112.118","5.4.0-1113.119","5.4.0-1114.120","5.4.0-1115.122","5.4.0-1116.123","5.4.0-1117.124","5.4.0-1118.125","5.4.0-1119.126"],"ecosystem_specific":{"binaries":[{"binary_version":"5.4.0-1120.127","binary_name":"linux-azure-cloud-tools-5.4.0-1120"},{"binary_version":"5.4.0-1120.127","binary_name":"linux-azure-headers-5.4.0-1120"},{"binary_version":"5.4.0-1120.127","binary_name":"linux-azure-tools-5.4.0-1120"},{"binary_version":"5.4.0-1120.127","binary_name":"linux-buildinfo-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127","binary_name":"linux-cloud-tools-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127","binary_name":"linux-headers-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127","binary_name":"linux-image-unsigned-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127","binary_name":"linux-modules-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127","binary_name":"linux-modules-extra-5.4.0-1120-azure"},{"binary_version":"5.4.0-1120.127","binary_name":"linux-tools-5.4.0-1120-azure"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-31085"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-45871"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6495-2.json"}},{"package":{"name":"linux-gcp","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-gcp@5.4.0-1118.127?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1118.127"}]}],"versions":["5.3.0-1004.4","5.3.0-1009.10","5.3.0-1011.12","5.4.0-1005.5","5.4.0-1007.7","5.4.0-1008.8","5.4.0-1009.9","5.4.0-1011.11","5.4.0-1015.15","5.4.0-1018.18","5.4.0-1019.19","5.4.0-1021.21","5.4.0-1022.22","5.4.0-1024.24","5.4.0-1025.25","5.4.0-1028.29","5.4.0-1029.31","5.4.0-1030.32","5.4.0-1032.34","5.4.0-1033.35","5.4.0-1034.37","5.4.0-1036.39","5.4.0-1037.40","5.4.0-1038.41","5.4.0-1040.43","5.4.0-1041.44","5.4.0-1042.45","5.4.0-1043.46","5.4.0-1044.47","5.4.0-1046.49","5.4.0-1049.53","5.4.0-1051.55","5.4.0-1052.56","5.4.0-1053.57","5.4.0-1055.59","5.4.0-1056.60","5.4.0-1057.61","5.4.0-1058.62","5.4.0-1059.63","5.4.0-1060.64","5.4.0-1062.66","5.4.0-1063.67","5.4.0-1064.68","5.4.0-1065.69","5.4.0-1067.71","5.4.0-1068.72","5.4.0-1069.73","5.4.0-1072.77","5.4.0-1073.78","5.4.0-1075.80","5.4.0-1078.84","5.4.0-1080.87","5.4.0-1083.91","5.4.0-1084.92","5.4.0-1086.94","5.4.0-1087.95","5.4.0-1089.97","5.4.0-1090.98","5.4.0-1092.101","5.4.0-1093.102","5.4.0-1096.105","5.4.0-1097.106","5.4.0-1098.107","5.4.0-1100.109","5.4.0-1101.110","5.4.0-1102.111","5.4.0-1103.112","5.4.0-1104.113","5.4.0-1105.114","5.4.0-1106.115","5.4.0-1107.116","5.4.0-1108.117","5.4.0-1109.118","5.4.0-1110.119","5.4.0-1111.120","5.4.0-1112.121","5.4.0-1113.122","5.4.0-1115.124","5.4.0-1116.125","5.4.0-1117.126"],"ecosystem_specific":{"binaries":[{"binary_version":"5.4.0-1118.127","binary_name":"linux-buildinfo-5.4.0-1118-gcp"},{"binary_version":"5.4.0-1118.127","binary_name":"linux-gcp-headers-5.4.0-1118"},{"binary_version":"5.4.0-1118.127","binary_name":"linux-gcp-tools-5.4.0-1118"},{"binary_version":"5.4.0-1118.127","binary_name":"linux-headers-5.4.0-1118-gcp"},{"binary_version":"5.4.0-1118.127","binary_name":"linux-image-unsigned-5.4.0-1118-gcp"},{"binary_version":"5.4.0-1118.127","binary_name":"linux-modules-5.4.0-1118-gcp"},{"binary_version":"5.4.0-1118.127","binary_name":"linux-modules-extra-5.4.0-1118-gcp"},{"binary_version":"5.4.0-1118.127","binary_name":"linux-tools-5.4.0-1118-gcp"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-31085"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-45871"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6495-2.json"}},{"package":{"name":"linux-gkeop","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-gkeop@5.4.0-1081.85?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1081.85"}]}],"versions":["5.4.0-1008.9","5.4.0-1009.10","5.4.0-1010.11","5.4.0-1011.12","5.4.0-1012.13","5.4.0-1013.14","5.4.0-1014.15","5.4.0-1015.16","5.4.0-1016.17","5.4.0-1018.19","5.4.0-1021.22","5.4.0-1022.23","5.4.0-1023.24","5.4.0-1024.25","5.4.0-1025.26","5.4.0-1026.27","5.4.0-1027.28","5.4.0-1029.30","5.4.0-1031.32","5.4.0-1032.33","5.4.0-1033.34","5.4.0-1034.35","5.4.0-1036.37","5.4.0-1037.38","5.4.0-1038.39","5.4.0-1039.40","5.4.0-1040.41","5.4.0-1043.44","5.4.0-1046.48","5.4.0-1048.51","5.4.0-1049.52","5.4.0-1051.54","5.4.0-1052.55","5.4.0-1053.56","5.4.0-1054.57","5.4.0-1056.60","5.4.0-1057.61","5.4.0-1060.64","5.4.0-1061.65","5.4.0-1062.66","5.4.0-1064.68","5.4.0-1065.69","5.4.0-1066.70","5.4.0-1067.71","5.4.0-1068.72","5.4.0-1069.73","5.4.0-1070.74","5.4.0-1071.75","5.4.0-1072.76","5.4.0-1073.77","5.4.0-1074.78","5.4.0-1075.79","5.4.0-1076.80","5.4.0-1077.81","5.4.0-1078.82","5.4.0-1079.83","5.4.0-1080.84"],"ecosystem_specific":{"binaries":[{"binary_version":"5.4.0-1081.85","binary_name":"linux-buildinfo-5.4.0-1081-gkeop"},{"binary_version":"5.4.0-1081.85","binary_name":"linux-cloud-tools-5.4.0-1081-gkeop"},{"binary_version":"5.4.0-1081.85","binary_name":"linux-gkeop-cloud-tools-5.4.0-1081"},{"binary_version":"5.4.0-1081.85","binary_name":"linux-gkeop-headers-5.4.0-1081"},{"binary_version":"5.4.0-1081.85","binary_name":"linux-gkeop-source-5.4.0"},{"binary_version":"5.4.0-1081.85","binary_name":"linux-gkeop-tools-5.4.0-1081"},{"binary_version":"5.4.0-1081.85","binary_name":"linux-headers-5.4.0-1081-gkeop"},{"binary_version":"5.4.0-1081.85","binary_name":"linux-image-unsigned-5.4.0-1081-gkeop"},{"binary_version":"5.4.0-1081.85","binary_name":"linux-modules-5.4.0-1081-gkeop"},{"binary_version":"5.4.0-1081.85","binary_name":"linux-modules-extra-5.4.0-1081-gkeop"},{"binary_version":"5.4.0-1081.85","binary_name":"linux-tools-5.4.0-1081-gkeop"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2023-31085"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2023-45871"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6495-2.json"}}],"schema_version":"1.7.3"}