Lucene search

K
osvGoogleOSV:USN-6950-3
HistoryAug 13, 2024 - 2:11 p.m.

linux-oracle vulnerabilities

2024-08-1314:11:15
Google
osv.dev
14
linux kernel
security issues
arm32
arm64
block layer
bluetooth
firewire
gpu drivers
infiniband
network drivers
s/390
scsi
file system
socket messages
bluetooth subsystem
networking
ipv4
ipv6
multipath tcp
wireless networking
key management
alsa framework
hd-audio driver

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

17.2%

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

  • ARM32 architecture;
  • ARM64 architecture;
  • Block layer subsystem;
  • Bluetooth drivers;
  • Clock framework and drivers;
  • FireWire subsystem;
  • GPU drivers;
  • InfiniBand drivers;
  • Multiple devices driver;
  • EEPROM drivers;
  • Network drivers;
  • Pin controllers subsystem;
  • Remote Processor subsystem;
  • S/390 drivers;
  • SCSI drivers;
  • 9P distributed file system;
  • Network file system client;
  • SMB network file system;
  • Socket messages infrastructure;
  • Dynamic debug library;
  • Bluetooth subsystem;
  • Networking core;
  • IPv4 networking;
  • IPv6 networking;
  • Multipath TCP;
  • NSH protocol;
  • Phonet protocol;
  • TIPC protocol;
  • Wireless networking;
  • Key management;
  • ALSA framework;
  • HD-audio driver;
    (CVE-2024-36883, CVE-2024-36940, CVE-2024-36902, CVE-2024-36975,
    CVE-2024-36964, CVE-2024-36938, CVE-2024-36931, CVE-2024-35848,
    CVE-2024-26900, CVE-2024-36967, CVE-2024-36904, CVE-2024-27398,
    CVE-2024-36031, CVE-2023-52585, CVE-2024-36886, CVE-2024-36937,
    CVE-2024-36954, CVE-2024-36916, CVE-2024-36905, CVE-2024-36959,
    CVE-2024-26980, CVE-2024-26936, CVE-2024-36928, CVE-2024-36889,
    CVE-2024-36929, CVE-2024-36933, CVE-2024-27399, CVE-2024-36946,
    CVE-2024-36906, CVE-2024-36965, CVE-2024-36957, CVE-2024-36941,
    CVE-2024-36897, CVE-2024-36952, CVE-2024-36947, CVE-2024-36950,
    CVE-2024-36880, CVE-2024-36017, CVE-2023-52882, CVE-2024-36969,
    CVE-2024-38600, CVE-2024-36955, CVE-2024-36960, CVE-2024-27401,
    CVE-2024-36919, CVE-2024-36934, CVE-2024-35947, CVE-2024-36953,
    CVE-2024-36944, CVE-2024-36939)

References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.001

Percentile

17.2%