Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2023-52443): Linux kernel (OEM) vulnerabilities

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Ubuntu: (Multiple Advisories) (CVE-2023-52443): Linux kernel (OEM) vulnerabilities

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

02/22/2024

Created

03/13/2024

Added

03/12/2024

Modified

04/18/2024

Description

In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}" a string ":samba-dcerpcd" is unpacked as a fully-qualified name and then passed to aa_splitn_fqname(). aa_splitn_fqname() treats ":samba-dcerpcd" as only containing a namespace. Thus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later aa_alloc_profile() crashes as the new profile name is NULL now. general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 RIP: 0010:strlen+0x1e/0xa0 Call Trace: <TASK> ? strlen+0x1e/0xa0 aa_policy_init+0x1bb/0x230 aa_alloc_profile+0xb1/0x480 unpack_profile+0x3bc/0x4960 aa_unpack+0x309/0x15e0 aa_replace_profiles+0x213/0x33c0 policy_update+0x261/0x370 profile_replace+0x20e/0x2a0 vfs_write+0x2af/0xe00 ksys_write+0x126/0x250 do_syscall_64+0x46/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 </TASK> ---[ end trace 0000000000000000 ]--- RIP: 0010:strlen+0x1e/0xa0 It seems such behaviour of aa_splitn_fqname() is expected and checked in other places where it is called (e.g. aa_remove_profiles). Well, there is an explicit comment "a ns name without a following profile is allowed" inside. AFAICS, nothing can prevent unpacked "name" to be in form like ":samba-dcerpcd" - it is passed from userspace. Deny the whole profile set replacement in such case and inform user with EPROTO and an explaining message. Found by Linux Verification Center (linuxtesting.org).

Solution(s)

ubuntu-upgrade-linux-image-5-15-0-102-generic
ubuntu-upgrade-linux-image-5-15-0-102-generic-64k
ubuntu-upgrade-linux-image-5-15-0-102-generic-lpae
ubuntu-upgrade-linux-image-5-15-0-102-lowlatency
ubuntu-upgrade-linux-image-5-15-0-102-lowlatency-64k
ubuntu-upgrade-linux-image-5-15-0-1040-gkeop
ubuntu-upgrade-linux-image-5-15-0-1048-nvidia
ubuntu-upgrade-linux-image-5-15-0-1048-nvidia-lowlatency
ubuntu-upgrade-linux-image-5-15-0-1050-ibm
ubuntu-upgrade-linux-image-5-15-0-1050-raspi
ubuntu-upgrade-linux-image-5-15-0-1052-intel-iotg
ubuntu-upgrade-linux-image-5-15-0-1054-gke
ubuntu-upgrade-linux-image-5-15-0-1054-kvm
ubuntu-upgrade-linux-image-5-15-0-1055-gcp
ubuntu-upgrade-linux-image-5-15-0-1055-oracle
ubuntu-upgrade-linux-image-5-15-0-1057-aws
ubuntu-upgrade-linux-image-5-15-0-1060-azure
ubuntu-upgrade-linux-image-5-15-0-1060-azure-fde
ubuntu-upgrade-linux-image-5-4-0-1034-iot
ubuntu-upgrade-linux-image-5-4-0-1041-xilinx-zynqmp
ubuntu-upgrade-linux-image-5-4-0-1069-ibm
ubuntu-upgrade-linux-image-5-4-0-1082-bluefield
ubuntu-upgrade-linux-image-5-4-0-1089-gkeop
ubuntu-upgrade-linux-image-5-4-0-1106-raspi
ubuntu-upgrade-linux-image-5-4-0-1110-kvm
ubuntu-upgrade-linux-image-5-4-0-1121-oracle
ubuntu-upgrade-linux-image-5-4-0-1122-aws
ubuntu-upgrade-linux-image-5-4-0-1126-gcp
ubuntu-upgrade-linux-image-5-4-0-1127-azure
ubuntu-upgrade-linux-image-5-4-0-175-generic
ubuntu-upgrade-linux-image-5-4-0-175-lowlatency
ubuntu-upgrade-linux-image-5-4-0-176-generic
ubuntu-upgrade-linux-image-5-4-0-176-generic-lpae
ubuntu-upgrade-linux-image-5-4-0-176-lowlatency
ubuntu-upgrade-linux-image-6-1-0-1035-oem
ubuntu-upgrade-linux-image-aws
ubuntu-upgrade-linux-image-aws-lts-20-04
ubuntu-upgrade-linux-image-aws-lts-22-04
ubuntu-upgrade-linux-image-azure
ubuntu-upgrade-linux-image-azure-cvm
ubuntu-upgrade-linux-image-azure-fde
ubuntu-upgrade-linux-image-azure-fde-lts-22-04
ubuntu-upgrade-linux-image-azure-lts-20-04
ubuntu-upgrade-linux-image-azure-lts-22-04
ubuntu-upgrade-linux-image-bluefield
ubuntu-upgrade-linux-image-gcp
ubuntu-upgrade-linux-image-gcp-lts-20-04
ubuntu-upgrade-linux-image-gcp-lts-22-04
ubuntu-upgrade-linux-image-generic
ubuntu-upgrade-linux-image-generic-64k
ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
ubuntu-upgrade-linux-image-generic-hwe-18-04
ubuntu-upgrade-linux-image-generic-hwe-20-04
ubuntu-upgrade-linux-image-generic-lpae
ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
ubuntu-upgrade-linux-image-gke
ubuntu-upgrade-linux-image-gke-5-15
ubuntu-upgrade-linux-image-gkeop
ubuntu-upgrade-linux-image-gkeop-5-15
ubuntu-upgrade-linux-image-gkeop-5-4
ubuntu-upgrade-linux-image-ibm
ubuntu-upgrade-linux-image-ibm-lts-20-04
ubuntu-upgrade-linux-image-intel
ubuntu-upgrade-linux-image-intel-iotg
ubuntu-upgrade-linux-image-kvm
ubuntu-upgrade-linux-image-lowlatency
ubuntu-upgrade-linux-image-lowlatency-64k
ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
ubuntu-upgrade-linux-image-lowlatency-hwe-18-04
ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
ubuntu-upgrade-linux-image-nvidia
ubuntu-upgrade-linux-image-nvidia-lowlatency
ubuntu-upgrade-linux-image-oem
ubuntu-upgrade-linux-image-oem-20-04
ubuntu-upgrade-linux-image-oem-20-04b
ubuntu-upgrade-linux-image-oem-20-04c
ubuntu-upgrade-linux-image-oem-20-04d
ubuntu-upgrade-linux-image-oem-22-04
ubuntu-upgrade-linux-image-oem-22-04a
ubuntu-upgrade-linux-image-oem-22-04b
ubuntu-upgrade-linux-image-oem-22-04c
ubuntu-upgrade-linux-image-oem-osp1
ubuntu-upgrade-linux-image-oracle
ubuntu-upgrade-linux-image-oracle-lts-20-04
ubuntu-upgrade-linux-image-oracle-lts-22-04
ubuntu-upgrade-linux-image-raspi
ubuntu-upgrade-linux-image-raspi-hwe-18-04
ubuntu-upgrade-linux-image-raspi-nolpae
ubuntu-upgrade-linux-image-raspi2
ubuntu-upgrade-linux-image-snapdragon-hwe-18-04
ubuntu-upgrade-linux-image-virtual
ubuntu-upgrade-linux-image-virtual-hwe-18-04
ubuntu-upgrade-linux-image-virtual-hwe-20-04
ubuntu-upgrade-linux-image-xilinx-zynqmp

References

https://attackerkb.com/topics/cve-2023-52443
CVE - 2023-52443
USN-6688-1
USN-6725-1
USN-6725-2
USN-6726-1
USN-6726-2
USN-6726-3

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Ubuntu: (Multiple Advisories) (CVE-2023-52443): Linux kernel (OEM) vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2023-52443): Linux kernel (OEM) vulnerabilities

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.