OSV:USN-6774-1
May 16, 2024 - 2:27 p.m.

linux, linux-aws, linux-aws-6.5, linux-azure, linux-azure-6.5, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-nvidia-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-raspi, linux-signed, linux-signed-aws, linux-signed-aws-6.5, linux-starfive, linux-starfive-6.5 vulnerabilities

2024-05-16 14:27:39
Google
osv.dev

AI Score: 6.6 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 17.6%)

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

  • Hardware random number generator core;
  • Ext4 file system;
  • JFS file system;
  • Bluetooth subsystem;
  • Networking core;
  • IPv4 networking;
  • Logical Link layer;
  • Netlink;
  • Tomoyo security module;
    (CVE-2024-26704, CVE-2023-52615, CVE-2024-26805, CVE-2023-52604,
    CVE-2024-26614, CVE-2023-52602, CVE-2024-26635, CVE-2024-26622,
    CVE-2023-52601, CVE-2024-26801)