Linux Kernel Vulnerabilities in Ubuntu Let Hackers Launch DOS Attack & Execute Arbitrary Code

Several security vulnerabilities were recently addressed by Canonical in both Graphviz and the Linux kernel of Ubuntu.

Recent discoveries include null pointer dereference vulnerabilities in Graphviz and improper handling of indirect branch prediction isolation between L1 and L2 VMs in the KVM VMX implementation of the Linux kernel.

Affected Packages

Here below, we have mentioned all the affected packages:-

• graphviz – rich set of graph drawing tools
• linux – Linux kernel
• linux-oem-6.0 – Linux kernel for OEM systems
• linux-aws – Linux kernel for Amazon Web Services (AWS) systems
• linux-azure – Linux kernel for Microsoft Azure Cloud systems
• linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems
• linux-ibm – Linux kernel for IBM cloud systems
• linux-kvm – Linux kernel for cloud environments
• linux-lowlatency – Linux low latency kernel
• linux-oracle – Linux kernel for Oracle Cloud systems
• linux-raspi – Linux kernel for Raspberry Pi systems

Graphviz flaw

Graphviz is susceptible to being exploited via a specially crafted input file, which could cause problems like denial of service.

Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and 14.04 ESM are the only versions affected by this issue. The graphviz software was discovered to be a victim of vulnerabilities related to a null pointer dereference.

A buffer overflow vulnerability has also been discovered in graphviz that could lead to arbitrary code execution.

Apart from this, here below we have mentioned the flaws that graphviz involved:-

• CVE-2018-10196
• CVE-2019-11023
• CVE-2020-18032

Linux Kernel Flaws

According to the ubuntu report, There is a risk of exposure of sensitive data from the host OS or other guest VMs if indirect branch prediction isolation is improperly handled between L1 and L2 virtual machines.

It has recently been discovered that the Xen network backend driver in the Linux kernel, in certain circumstances, exhibited a race condition when dealing with dropped packets and could not handle them properly.

Using this vulnerability, a hacker could cause a kernel deadlock, execute arbitrary code and cause a system crash by exploiting it. 

The Linux kernel’s implementation of the USB Gadget file system contains a race condition that can lead to use-after-free vulnerabilities in some circumstances, and Gerald Lee discovered this vulnerability.

Certain indirect branch prediction attacks were not adequately protected by the prctl syscall implementation in the Linux kernel, discovered by security analysts José Oliveira and Rodrigo Branco.

As a result, sensitive information could potentially be exposed if a local attacker used this method.

ALSA (Advanced Linux Sound Architecture) and io_uring, are both subsystems of the Linux kernel that contain one use-after-free vulnerability. Not only that, even the CIFS network file system also contains the same flaw. 

An integer overflow vulnerability exists in the Linux kernel’s RNDIS USB driver. An attacker with physical access to the system can insert a USB device with malicious code, potentially leading to a denial of service or the execution of arbitrary code.

“Linux kernel (OEM) vulnerabilities IN network queuing discipline implementation in the Linux kernel were discovered to contain a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-1281)”

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site

tracing, or executing arbitrary code. (CVE-2023-25152, CVE-2023-28162, CVE-2023-28176)

Apart from this, here below we have mentioned the flaws that the Linux kernel involved:-

• CVE-2022-4382
• CVE-2022-42328
• CVE-2022-2196
• CVE-2023-0469
• CVE-2023-0045
• CVE-2023-0266
• CVE-2023-23559
• CVE-2022-42329
• CVE-2023-1195

Solution

To correct this problem, you need to update your system to the following versions of the packages that we have mentioned below:-

• Ubuntu 20.04: graphviz – 2.42.2-3ubuntu0.1~esm1
• Ubuntu 18.04: graphviz – 2.40.1-2ubuntu0.1~esm1
• Ubuntu 14.04: graphviz – 2.36.0-0ubuntu3.2+esm1
• Ubuntu 22.10:-

• linux-image-5.19.0-38-generic-lpae – 5.19.0-38.39
• linux-image-virtual – 5.19.0.38.34
• linux-image-5.19.0-1015-raspi – 5.19.0-1015.22
• linux-image-generic-64k – 5.19.0.38.34
• linux-image-5.19.0-38-generic-64k – 5.19.0-38.39
• linux-image-aws – 5.19.0.1022.19
• linux-image-gcp – 5.19.0.1019.16
• linux-image-ibm – 5.19.0.1019.16
• linux-image-5.19.0-1019-ibm – 5.19.0-1019.21
• linux-image-5.19.0-1021-lowlatency – 5.19.0-1021.22
• linux-image-5.19.0-1021-lowlatency-64k – 5.19.0-1021.22
• linux-image-5.19.0-1022-aws – 5.19.0-1022.23
• linux-image-azure – 5.19.0.1022.18
• linux-image-raspi-nolpae – 5.19.0.1015.14
• linux-image-5.19.0-1015-raspi-nolpae – 5.19.0-1015.22
• linux-image-5.19.0-1019-gcp – 5.19.0-1019.21
• linux-image-5.19.0-1020-kvm – 5.19.0-1020.21
• linux-image-lowlatency-64k – 5.19.0.1021.17
• linux-image-oracle – 5.19.0.1019.16
• linux-image-generic – 5.19.0.38.34
• linux-image-raspi – 5.19.0.1015.14
• linux-image-5.19.0-1022-azure – 5.19.0-1022.23
• linux-image-kvm – 5.19.0.1020.17
• linux-image-5.19.0-38-generic – 5.19.0-38.39
• linux-image-generic-lpae – 5.19.0.38.34
• linux-image-5.19.0-1019-oracle – 5.19.0-1019.22
• linux-image-lowlatency – 5.19.0.1021.17

Moreover, Canonical affirmed that for all the necessary changes to take effect, users must reboot their computers after a standard system update.

You can follow up on the regular vulnerability fixes at Ubuntu Security Notices.

Also Read: Best Vulnerability Management Tools 2023

Related Read