This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8035697508072697387== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------SQoRAq1BGDdd1vBS2U0NAGc1"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------SQoRAq1BGDdd1vBS2U0NAGc1 Content-Type: multipart/mixed; boundary="------------x0yqhAwP6irmlOUrOglq9jpG"; protected-headers="v1" From: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com> Reply-To: security@ubuntu.com To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <a345ebdb-adbc-4566-a9f9-c1520232ac50@canonical.com> Subject: [USN-6520-1] Linux kernel (StarFive) vulnerabilities
--------------x0yqhAwP6irmlOUrOglq9jpG Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-6520-1 November 28, 2023
linux-starfive-6.2 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-starfive-6.2: Linux kernel for StarFive processors
Details:
Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. (CVE-2023-25775)
Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-31083)
Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085)
Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-3772)
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate SMB request protocol IDs, leading to a out-of- bounds read vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-38430)
Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate command payload size, leading to a out-of-bounds read vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-38432)
It was discovered that the NFC implementation in the Linux kernel contained a use-after-free vulnerability when performing peer-to-peer communication in certain conditions. A privileged attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-3863)
Laurence Wit discovered that the KSMBD implementation in the Linux kernel did not properly validate a buffer size in certain situations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-3865)
Laurence Wit discovered that the KSMBD implementation in the Linux kernel contained a null pointer dereference vulnerability when handling handling chained requests. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-3866)
It was discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests, leading to an out-of-bounds read vulnerability. A remote attacker could use this to expose sensitive information. (CVE-2023-3867)
It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel did not properly handle device initialization failures in certain situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2023-4132)
It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-4134)
Thelford Williams discovered that the Ceph file system messenger protocol implementation in the Linux kernel did not properly validate frame segment length in certain situation, leading to a buffer overflow vulnerability. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-44466)
Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871)
Maxim Levitsky discovered that the KVM nested virtualization (SVM) implementation for AMD processors in the Linux kernel did not properly handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a denial of service (host kernel crash). (CVE-2023-5090)
It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5345)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: linux-image-6.2.0-1009-starfive 6.2.0-1009.10~22.04.1 linux-image-starfive 6.2.0.1009.10~22.04.2
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-6520-1 CVE-2023-25775, CVE-2023-31083, CVE-2023-31085, CVE-2023-3772, CVE-2023-38430, CVE-2023-38432, CVE-2023-3863, CVE-2023-3865, CVE-2023-3866, CVE-2023-3867, CVE-2023-4132, CVE-2023-4134, CVE-2023-44466, CVE-2023-45871, CVE-2023-5090, CVE-2023-5345
Package Information: https://launchpad.net/ubuntu/+source/linux-starfive-6.2/6.2.0-1009.10~22.04.1
--------------x0yqhAwP6irmlOUrOglq9jpG--
--------------SQoRAq1BGDdd1vBS2U0NAGc1 Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmVmToEFAwAAAAAACgkQZ0GeRcM5nt25 1AgAodZB1yicV9GR8CzI+0jbwmDAsPLL4FqPVJqIhNAZaacagGkUy/kHWry0+KBwlLGROcnNohPL J841fyCZq6R+ZF/HnymHF5/dqiMeChxmKjHE2cUm5/xVSMkqK/pn0BMT3ixKTZkx3OkWDVOaC6/r bgpPuB6lUHRGAgA1DCGIRfXdxazTLpjjX8T9kDsfHkiQ1cg4zjg5KqIMFQAnGTd5E+e1VS+0zunb C2l/ZNFSZ5AjFsGvBrFxVPIMZcTY2KpAqgN7mWuOfKulrUXHvTF03Jv40PRyPB6caeFe4DVHkjpJ 6S0/9GajCpQgSlD2vpg79YgywHdd50aYuzbcJQ8QIQ== =jvfs -----END PGP SIGNATURE-----
--------------SQoRAq1BGDdd1vBS2U0NAGc1--
--===============8035697508072697387== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============8035697508072697387==--
|