Ubuntu: (Multiple Advisories) (CVE-2023-1095): Linux kernel (AWS) vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2023-1095): Linux kernel (AWS) vulnerabilities

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

02/28/2023

Created

05/05/2023

Added

04/10/2023

Modified

01/28/2025

Description

In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.

Solution(s)

• ubuntu-upgrade-linux-image-4-4-0-1117-aws
• ubuntu-upgrade-linux-image-4-4-0-1118-kvm
• ubuntu-upgrade-linux-image-4-4-0-1155-aws
• ubuntu-upgrade-linux-image-4-4-0-239-generic
• ubuntu-upgrade-linux-image-4-4-0-239-lowlatency
• ubuntu-upgrade-linux-image-5-17-0-1030-oem
• ubuntu-upgrade-linux-image-aws
• ubuntu-upgrade-linux-image-generic
• ubuntu-upgrade-linux-image-generic-lts-xenial
• ubuntu-upgrade-linux-image-kvm
• ubuntu-upgrade-linux-image-lowlatency
• ubuntu-upgrade-linux-image-lowlatency-lts-xenial
• ubuntu-upgrade-linux-image-oem-22-04
• ubuntu-upgrade-linux-image-oem-22-04a
• ubuntu-upgrade-linux-image-virtual
• ubuntu-upgrade-linux-image-virtual-lts-xenial

References

• https://attackerkb.com/topics/cve-2023-1095
• CVE - 2023-1095
• USN-6001-1
• USN-6013-1
• USN-6014-1
• USN-6031-1