Tech Support
Documentation
Login
Contact Us
Several Linux Kernel Intel IoTG Vulnerabilities Fixed
Rohan Timalsina
October 25, 2023 - TuxCare expert team
The recent Ubuntu security updates released patches for several Intel IoTG vulnerabilities in the Ubuntu 22.04 LTS operating system. It is essential to update the linux-intel-iotg package (Linux kernel for Intel IoT platforms) to the newer version to address these security vulnerabilities.
This article will discuss some of the discovered vulnerabilities in detail along with their associated risks.
High Severity Intel IoTG Vulnerabilities
CVE-2023-2156
A vulnerability was found in the Linux kernel’s IPv6 RPL protocol implementation, where it did not appropriately manage user-supplied data. Exploiting this, a remote attacker could instigate a denial of service, resulting in a system crash.
CVE-2023-34319
Ross Lagerwall identified a vulnerability in the Linux kernel’s Xen netback backend driver. This flaw pertained to the inadequate handling of specific atypical packets originating from a paravirtualized network frontend, resulting in a buffer overflow. An attacker within a guest virtual machine could potentially exploit this to trigger a denial of service, leading to a host system crash or potentially execute arbitrary code.
CVE-2023-4244
Bien Pham detected a race condition in the Linux kernel’s netfilter subsystem, resulting in a use-after-free vulnerability. A local user could exploit this to trigger a denial of service, leading to a system crash, or executing arbitrary code.
CVE-2023-42753
Kyle Zeng identified an issue within the Linux kernel’s netfilter subsystem: array offsets were not accurately calculated, resulting in an out-of-bounds write vulnerability. A local user could exploit this vulnerability to potentially induce a denial of service (system crash) or execute arbitrary code.
CVE-2023-44466
Thelford Williams identified a buffer overflow vulnerability within the Linux kernel’s Ceph file system messenger protocol implementation. This issue stemmed from the inadequate validation of frame segment length under specific circumstances. A remote attacker could exploit this flaw to trigger a denial of service, resulting in a system crash, or execute arbitrary code.
CVE-2023-4622
Bing-Jhong Billy Jheng identified a race condition within the Linux kernel’s Unix domain socket implementation under specific circumstances. This vulnerability resulted in a use-after-free scenario, which a local attacker could potentially exploit to cause a denial of service or potentially execute arbitrary code.
CVE-2023-4623
Budimir Markovic found a vulnerability within the Linux kernel’s qdisc implementation, where inner classes were not adequately validated, resulting in a use-after-free vulnerability. A local user could exploit this flaw to trigger a denial of service, resulting in a system crash, or execute arbitrary code.
CVE-2023-4881
Alex Birnberg identified a vulnerability within the Linux kernel’s netfilter subsystem, where register length validation was inadequate, resulting in an out-of-bounds write vulnerability. A local attacker could potentially exploit this to initiate a denial of service, potentially causing a system crash.
CVE-2023-4921
A flaw was found in the Quick Fair Queueing scheduler implementation within the Linux kernel. It failed to correctly manage network packets under specific conditions, resulting in a use-after-free vulnerability. A local attacker could exploit this issue to trigger a denial of service, potentially leading to a system crash, or execute arbitrary code.
Critical & Medium Severity Intel IoTG Vulnerabilities
CVE-2023-20569
Daniel Trujillo, Johannes Wikner, and Kaveh Razavi identified a vulnerability in certain AMD processors that employ speculative execution and branch prediction. This flaw could potentially enable unauthorized memory reads through a speculative side-channel attack. A local attacker could exploit this to reveal sensitive data, including kernel memory.
CVE-2023-38432
Chih-Yen Chang identified a vulnerability within the Linux kernel’s KSMBD implementation, which failed to validate the size of the command payload adequately. This deficiency resulted in an out-of-bounds read vulnerability. A remote attacker might exploit this issue to potentially induce a denial of service, resulting in a system crash.
CVE-2023-42752
Kyle Zeng found a flaw in the networking stack implementation of the Linux kernel, where the skb object size wasn’t adequately validated under specific circumstances. An attacker could exploit this vulnerability to potentially trigger a denial of service (system crash) or execute arbitrary code.
CVE-2023-42755
Kyle Zeng identified an out-of-bounds read vulnerability within the IPv4 Resource Reservation Protocol (RSVP) classifier implementation in the Linux kernel. This flaw could be exploited by a local attacker to trigger a denial of service, resulting in a system crash. It’s important to note that the kernel’s packet classifier support for RSVP has been eliminated to address this vulnerability.
CVE-2023-42756
Kyle Zeng identified a race condition within the Linux kernel’s netfilter subsystem, specifically in IP set operations under certain conditions. This vulnerability could be leveraged by a local attacker to initiate a denial of service, resulting in a system crash.
Final Thoughts
It is crucial to conduct a standard system update to mitigate these Intel IoTG vulnerabilities. The updated package versions are available in the Ubuntu security notice. Following a system update, it is essential to reboot your computer to apply all the necessary changes.
For a more streamlined approach to patching that doesn’t require a system reboot, you might want to use KernelCare Enterprise. This comprehensive live patching solution is compatible with major Linux distributions such as Ubuntu, Debian, RHEL, CentOS, AlmaLinux, Oracle Linux, and others. KernelCare automatically applies all security patches, eliminating the need for system reboots or maintenance windows.
The sources for this article can be found on USN-6445-1.
