The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6652-1 advisory.

    Marek Marczykowski-Grecki discovered that the Xen event channel infrastructure implementation in the     Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a     denial of service (paravirtualized device unavailability). (CVE-2023-34324)

    Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during     device removal. A privileged attacker could use this to cause a denial of service (system crash).
    (CVE-2023-35827)

    Tom Dohrmann discovered that the Secure Encrypted Virtualization (SEV) implementation for AMD processors     in the Linux kernel contained a race condition when accessing MMIO registers. A local attacker in a SEV     guest VM could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary     code. (CVE-2023-46813)

    It was discovered that the io_uring subsystem in the Linux kernel contained a race condition, leading to a     null pointer dereference vulnerability. A local attacker could use this to cause a denial of service     (system crash). (CVE-2023-46862)

    It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the     Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial     of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780)

    It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel,     leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service     (system crash) or possibly execute arbitrary code. (CVE-2023-51781)

    It was discovered that the netfilter subsystem in the Linux kernel did not properly validate inner tunnel     netlink attributes, leading to a null pointer dereference vulnerability. A local attacker could use this     to cause a denial of service (system crash). (CVE-2023-5972)

    It was discovered that the TLS subsystem in the Linux kernel did not properly perform cryptographic     operations in some situations, leading to a null pointer dereference vulnerability. A local attacker could     use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-6176)

    Jann Horn discovered that a race condition existed in the Linux kernel when handling io_uring over     sockets, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of     service (system crash) or possibly execute arbitrary code. (CVE-2023-6531)

    Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle dynset     expressions passed from userspace, leading to a null pointer dereference vulnerability. A local attacker     could use this to cause a denial of service (system crash). (CVE-2023-6622)

    Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly     check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service     (system crash). (CVE-2023-6915)

    Robert Morris discovered that the CIFS network file system implementation in the Linux kernel did not     properly validate certain server commands fields, leading to an out-of-bounds read vulnerability. An     attacker could use this to cause a denial of service (system crash) or possibly expose sensitive     information. (CVE-2024-0565)

    Jann Horn discovered that the io_uring subsystem in the Linux kernel did not properly handle the release     of certain buffer rings. A local attacker could use this to cause a denial of service (system crash) or     possibly execute arbitrary code. (CVE-2024-0582)

    It was discovered that the TIPC protocol implementation in the Linux kernel did not properly handle     locking during tipc_crypto_key_revoke() operations. A local attacker could use this to cause a denial of     service (kernel deadlock). (CVE-2024-0641)

    Jann Horn discovered that the TLS subsystem in the Linux kernel did not properly handle spliced messages,     leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of     service (system crash) or possibly execute arbitrary code. (CVE-2024-0646)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 23.10 : Linux kernel (Azure) vulnerabilities (USN-6652-1)

high Nessus Plugin ID 190941

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Aug 28, 2024, 7:43 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202408281943
Version 1.2 Mar 11, 2024, 4:51 PM CVE (set "CVE" coverage to "CVE-2023-34324,CVE-2023-35827,CVE-2023-46813,CVE-2023-46862,CVE-2023-51780,CVE-2023-51781,CVE-2023-5972,CVE-2023-6176,CVE-2023-6531,CVE-2023-6622,CVE-2023-6915,CVE-2024-0565,CVE-2024-0582,CVE-2024-0641,CVE-2024-0646") CVSS metrics ("CVSSv2 score" set to 7.7. "CVSSv3 score" set to 7.8. "CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H". "CVSSv2 vector" set to "CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 score source (set to "CVE-2024-0565") CVSSv3 score source (set to "CVE-2024-0646") Detection (updated detection logic) Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin metadata Plugin Feed: 202403111651
Version 1.1 Feb 29, 2024, 8:48 PM CVE (set "CVE" coverage to "") CVSS metrics ("CVSSv2 score" set to 0.0. "CVSSv2 vector" set to none. "CVSSv3 score" set to 0.0. "CVSSv3 vector" set to none) CVSS temporal metrics ("CVSSv2 temporal vector" set to none. "CVSSv3 temporal vector" set to none) CVSSv2 score source (changed from "CVE-2024-0565" to none) CVSSv2 severity (based on None, severity decreased from "High" to "Low") CVSSv3 score source (changed from "CVE-2024-0646" to none) CVSSv3 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Exploit attributes ("Exploit available" changed from "True" to "False". "Exploitability ease" changed from "Exploits are available" to "No known exploits are available") Plugin metadata Plugin Feed: 202402292048
Version 1.0 Feb 24, 2024, 7:18 AM New Plugin Feed: 202402240718