USN-7089-7 linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...
CVE-2024-53045 ASoC: dapm: fix bounds checker error in dapm_widget_list_create
In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: fix bounds checker error in dapm_widget_list_create The widgets array in the snd_soc_dapm_widget_list has a __counted_by attribute attached to it, which points to the num_widgets variable. This attribute is used in bounds...
SUSE CVE-2024-50293
In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create() Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it does not clear sock->sk on failure."), syzbot found an issue with AF_SMC: smc_create must clear sock->sk on failur...
The vulnerability of the mac80211 component in the Linux operating system allows a hacker to gain elevated privileges within the system.
The vulnerability of the mac80211 component in the Linux operating system’s kernel is related to memory corruption that occurs after the release of a variable in the function ieee80211_change_station. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...
CVE-2021-1132 Cisco Network Services Orchestrator Path Traversal Vulnerability
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly...
USN-7089-6 linux-gke vulnerabilities
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-7089-6)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7089-6 advisory. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local...
CLSA-2024-1731605761 Fix of 67 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-42265 - protect the fetch of ->fd[fd] in do_dup2() from mispredictions CVE-url: https://ubuntu.com/security/CVE-2024-47669 - nilfs2: fix state management in error path of log writing function CVE-url: https://ubuntu.com/security/CVE-2023-52918 - media: pci:...
USN-7110-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - HW tracing; - ISDN/mISDN subsystem; - Media drivers; - Network drivers; - SCSI drivers; - USB...
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-7089-5)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7089-5 advisory. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local...
USN-7089-4: Linux kernel vulnerabilities
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...
USN-7089-4 linux-oem-6.8 vulnerabilities
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. CVE-2024-25741 Several security issues were discovered in the Linux kernel. An...
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-7089-4)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7089-4 advisory. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local...
CVE-2024-49046
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability...
CVE-2024-49046
CVE-2024-49046 affects the Windows Win32 Kernel Subsystem and is categorized as an Elevation of Privilege vulnerability. The CVSS 3.1 vector indicates LOCAL exploitability with LOW attack complexity and LOW privileges required, but HIGH impact to confidentiality, integrity, and availability under...
CLSA-2024-1731431756 kernel: Fix of 30 CVEs
tty: n_gsm: Fix use-after-free in gsm_cleanup_mux CVE-2024-50073 - drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer CVE-2024-49991 - ext4: fix timer use-after-free on failed mount CVE-2024-49960 - ext4: avoid use-after-free in ext4_ext_show_leaf() CVE-2024-49889 - ext4: fix slab-use-after-free in...
USN-7100-2: Linux kernel vulnerabilities
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a deni...
kernel: Bluetooth: ISO: Check socket flag instead of hcon
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null line 1359...
kernel: tty: fix out-of-bounds access in tty_driver_lookup_tty()
An out-of-bounds access was found in the TTY subsystem. When an invalid console device is specified on the kernel command line (e.g., console=tty3270), the driver lookup returns a TTY struct with an invalid index, causing a crash during boot...
kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
A flaw was found in the Linux kernel. A system error can be reliably replicated with specific filesystem settings, allowing an attacker to cause a denial of service...