The French Computer Emergency Response Team (CERT-FR) has issued an advisory regarding multiple vulnerabilities discovered in the Ubuntu Linux kernel. These vulnerabilities could potentially lead to data integrity breaches, data confidentiality breaches, arbitrary remote code execution, security policy bypass, and remote denial of service attacks.
Risk(s):
- Data Integrity Breach
- Data Confidentiality Breach
- Security Policy Bypass
- Remote Denial of Service
- Arbitrary Remote Code Execution
Affected Systems:
- Ubuntu 14.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 18.04 ESM
- Ubuntu 20.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 23.04
Summary: Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel, some of which could allow an attacker to compromise data integrity, data confidentiality, and execute arbitrary code remotely.
Solution: For information on obtaining the necessary security patches, please refer to the publisher’s security bulletin (see Documentation section).
Documentation:
- Ubuntu Security Notice USN-6338-2 dated September 8, 2023: Link
- Ubuntu Security Notice USN-6339-2 dated September 8, 2023: Link
- Ubuntu Security Notice USN-6340-2 dated September 8, 2023: Link
- Ubuntu Security Notice USN-6342-2 dated September 8, 2023: Link
- Ubuntu Security Notice USN-6357-1 dated September 11, 2023: Link
- Ubuntu Security Notice USN-6339-3 dated September 11, 2023: Link
CVE References:
- CVE-2022-40982: Link
- CVE-2022-48425: Link
- CVE-2023-2002: Link
- CVE-2023-20593: Link
- CVE-2023-21255: Link
- CVE-2023-2163: Link
- CVE-2023-2269: Link
- CVE-2023-2898: Link
- CVE-2023-2985: Link
- CVE-2023-31084: Link
- CVE-2023-3212: Link
- CVE-2023-32247: Link
- CVE-2023-32250: Link
- CVE-2023-32252: Link
- CVE-2023-32257: Link
- CVE-2023-32258: Link
- CVE-2023-3268: Link
- CVE-2023-35823: Link
- CVE-2023-35824: Link
- CVE-2023-35828: Link
- CVE-2023-3609: Link
- CVE-2023-3611: Link
- CVE-2023-3776: Link
- CVE-2023-38426: Link
- CVE-2023-38428: Link
- CVE-2023-38429: Link