{"id":"USN-6639-1","summary":"linux-oem-6.1 vulnerabilities","details":"It was discovered that a race condition existed in the ATM (Asynchronous\nTransfer Mode) subsystem of the Linux kernel, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-51780)\n\nIt was discovered that a race condition existed in the AppleTalk networking\nsubsystem of the Linux kernel, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2023-51781)\n\nIt was discovered that a race condition existed in the Rose X.25 protocol\nimplementation in the Linux kernel, leading to a use-after- free\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2023-51782)\n\nAlon Zahavi discovered that the NVMe-oF/TCP subsystem of the Linux kernel\ndid not properly handle connect command payloads in certain situations,\nleading to an out-of-bounds read vulnerability. A remote attacker could use\nthis to expose sensitive information (kernel memory). (CVE-2023-6121)\n\nJann Horn discovered that a race condition existed in the Linux kernel when\nhandling io_uring over sockets, leading to a use-after-free vulnerability.\nA local attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2023-6531)\n\nXingyuan Mo discovered that the netfilter subsystem in the Linux kernel did\nnot properly handle dynset expressions passed from userspace, leading to a\nnull pointer dereference vulnerability. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2023-6622)\n\nIt was discovered that the IGMP protocol implementation in the Linux kernel\ncontained a race condition, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2023-6932)\n\nRobert Morris discovered that the CIFS network file system implementation\nin the Linux kernel did not properly validate certain server commands\nfields, leading to an out-of-bounds read vulnerability. An attacker could\nuse this to cause a denial of service (system crash) or possibly expose\nsensitive information. (CVE-2024-0565)\n\nDan Carpenter discovered that the netfilter subsystem in the Linux kernel\ndid not store data in properly sized memory locations. A local user could\nuse this to cause a denial of service (system crash). (CVE-2024-0607)\n\nJann Horn discovered that the TLS subsystem in the Linux kernel did not\nproperly handle spliced messages, leading to an out-of-bounds write\nvulnerability. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2024-0646)\n\nYang Chaoming discovered that the KSMBD implementation in the Linux kernel\ndid not properly validate request buffer sizes, leading to an out-of-bounds\nread vulnerability. An attacker could use this to cause a denial of service\n(system crash) or possibly expose sensitive information. (CVE-2024-22705)\n","modified":"2026-04-27T17:17:23.576653719Z","published":"2024-02-15T03:33:26Z","related":["UBUNTU-CVE-2023-51780","UBUNTU-CVE-2023-51781","UBUNTU-CVE-2023-51782","UBUNTU-CVE-2023-6121","UBUNTU-CVE-2023-6531","UBUNTU-CVE-2023-6622","UBUNTU-CVE-2023-6932","UBUNTU-CVE-2024-0565","UBUNTU-CVE-2024-0607","UBUNTU-CVE-2024-0646","UBUNTU-CVE-2024-22705"],"upstream":["CVE-2023-51780","CVE-2023-51781","CVE-2023-51782","CVE-2023-6121","CVE-2023-6531","CVE-2023-6622","CVE-2023-6932","CVE-2024-0565","CVE-2024-0607","CVE-2024-0646","CVE-2024-22705","UBUNTU-CVE-2023-51780","UBUNTU-CVE-2023-51781","UBUNTU-CVE-2023-51782","UBUNTU-CVE-2023-6121","UBUNTU-CVE-2023-6531","UBUNTU-CVE-2023-6622","UBUNTU-CVE-2023-6932","UBUNTU-CVE-2024-0565","UBUNTU-CVE-2024-0607","UBUNTU-CVE-2024-0646","UBUNTU-CVE-2024-22705"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6639-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-6121"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-6531"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-6622"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-6932"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-51780"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-51781"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-51782"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-0565"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-0607"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-0646"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-22705"}],"affected":[{"package":{"name":"linux-oem-6.1","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/linux-oem-6.1@6.1.0-1033.33?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.1.0-1033.33"}]}],"versions":["6.1.0-1004.4","6.1.0-1006.6","6.1.0-1007.7","6.1.0-1008.8","6.1.0-1009.9","6.1.0-1010.10","6.1.0-1012.12","6.1.0-1013.13","6.1.0-1014.14","6.1.0-1015.15","6.1.0-1016.16","6.1.0-1017.17","6.1.0-1019.19","6.1.0-1020.20","6.1.0-1021.21","6.1.0-1022.22","6.1.0-1023.23","6.1.0-1024.24","6.1.0-1025.25","6.1.0-1026.26","6.1.0-1027.27","6.1.0-1028.28","6.1.0-1029.29"],"ecosystem_specific":{"binaries":[{"binary_version":"6.1.0-1033.33","binary_name":"linux-buildinfo-6.1.0-1033-oem"},{"binary_version":"6.1.0-1033.33","binary_name":"linux-headers-6.1.0-1033-oem"},{"binary_version":"6.1.0-1033.33","binary_name":"linux-image-unsigned-6.1.0-1033-oem"},{"binary_version":"6.1.0-1033.33","binary_name":"linux-modules-6.1.0-1033-oem"},{"binary_version":"6.1.0-1033.33","binary_name":"linux-modules-ipu6-6.1.0-1033-oem"},{"binary_version":"6.1.0-1033.33","binary_name":"linux-modules-ivsc-6.1.0-1033-oem"},{"binary_version":"6.1.0-1033.33","binary_name":"linux-modules-iwlwifi-6.1.0-1033-oem"},{"binary_version":"6.1.0-1033.33","binary_name":"linux-oem-6.1-headers-6.1.0-1033"},{"binary_version":"6.1.0-1033.33","binary_name":"linux-oem-6.1-tools-6.1.0-1033"},{"binary_version":"6.1.0-1033.33","binary_name":"linux-oem-6.1-tools-host"},{"binary_version":"6.1.0-1033.33","binary_name":"linux-tools-6.1.0-1033-oem"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6639-1.json","cves_map":{"cves":[{"id":"CVE-2023-6121","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-6531","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-6622","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-6932","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-51780","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-51781","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2023-51782","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0565","severity":[{"score":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0607","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0646","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2024-22705","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.5"}