Canonical Ubuntu Linux vulnerabilities

CVE-2022-2588 [MEDIUM] CWE-416 CVE-2022-2588: It was discovered that the cls_route filter implementation in the Linux kernel would not remove an o It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

CVE-2022-2585 [MEDIUM] CWE-416 CVE-2022-2585: It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.

CVE-2023-1032 [MEDIUM] CWE-415 CVE-2023-1032: The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socke The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

CVE-2023-5536 [MEDIUM] CWE-276 CVE-2023-5536: A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privi A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

CVE-2023-45866 [MEDIUM] CVE-2023-45866: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate an Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ub

CVE-2023-4911 [HIGH] CWE-122 CVE-2023-4911: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GL A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

CVE-2023-44216 [MEDIUM] CWE-203 CVE-2023-44216: PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transpar PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one ori

CVE-2023-3777 [HIGH] CWE-416 CVE-2023-3777: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6

CVE-2023-1523 [CRITICAL] CWE-74 CVE-2023-1523: Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the cont Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when sna

CVE-2023-3297 [HIGH] CWE-416 CVE-2023-3297: In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerabilit In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.

CVE-2023-40283 [HIGH] CWE-416 CVE-2023-40283: An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel befo An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.

CVE-2023-32629 [HIGH] CWE-863 CVE-2023-32629: Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data ski Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels

CVE-2023-2640 [HIGH] CWE-863 CVE-2023-2640: On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks.

CVE-2023-3567 [HIGH] CWE-416 CVE-2023-3567: A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

CVE-2023-31248 [HIGH] CWE-416 CVE-2023-31248: Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byi Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

CVE-2023-3389 [HIGH] CWE-416 CVE-2023-3389: A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve lo A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and

CVE-2023-35788 [HIGH] CWE-787 CVE-2023-35788: An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6. An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

CVE-2023-2612 [MEDIUM] CWE-667 CVE-2023-2612: Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).

CVE-2023-1786 [MEDIUM] CWE-532 CVE-2023-1786: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use t Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.

CVE-2022-2084 [MEDIUM] CWE-532 CVE-2022-2084: Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.