USN-7020-3 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - SCSI drivers; - F2FS file system; - BPF subsystem; - IPv4 networking;...

USN-7020-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - SCSI drivers; - F2FS file system; - BPF subsystem; - IPv4 networking;...

USN-7003-4: Linux kernel vulnerabilities

It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service system crash. CVE-2024-40902 Several security issues were discovered in the Linux kernel. An attacker could...

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-7020-3)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7020-3 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7003-4)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7003-4 advisory. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could us...

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-7039-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7039-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

USN-7009-2: Linux kernel vulnerabilities

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2024-23848 Chenyuan Yang discovered that the USB Gadget subsystem in...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7009-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7009-2 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to caus...

CLSA-2024-1727167500 kernel: Fix of 11 CVEs

wifi: mac80211: Avoid address calculations via out of bounds array indexing CVE-2024-41071 - bnx2x: Fix multiple UBSAN array-index-out-of-bounds CVE-2024-42148 - exec: Fix ToCToU between perm check and set-uid/gid usage CVE-2024-43882 - scsi: aacraid: Fix double-free on probe failure...

kernel: wifi: nl80211: Avoid address calculations via out of bounds array indexing

A vulnerability has been identified in the Linux kernel, specifically involving a possible out-of-bounds array indexing within the net/wireless/nl80211.c file related to the wireless networking subsystem. This flaw can lead to a kernel-level crash, resulting in a denial-of-service condition for t...

kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

A vulnerability was found in the Linux kernel's ngsm driver, affecting the tty subsystem. It occurs when switching between basic and advanced option modes in GSM multiplexing, leading to potential out-of-bounds memory writes. This happens because certain state variables, like gsm-len and gsm-stat...

kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

A deadlock flaw was found in the Linux kernel’s pinctrl subsystem. This flaw allows a local user to crash the system...

kernel: net: fix possible store tearing in neigh_periodic_work()

A flaw was found in the Linux kernel that allows for potential store tearing within the neighperiodicwork function, meaning a write operation on a value is not protected properly and could result in inconsistencies if another process or thread reads from that value before the operation is complet...

kernel: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

A vulnerability was found in the cfg80211 component in the Linux kernel, where a lack of proper range validation applied to the NL80211ATTRTXQQUANTUM can lead to a scenario where the userspace passes an extremely high value that the kernel is not designed to handle efficiently ex. 2^31. This can...

kernel: fbmem: Do not delete the mode that is still in use

A vulnerability was found in the Linux kernel's fbmem subsystem. This issue arises when the system attempts to delete a video mode that is still in use, leading to potential use-after-free errors. This improper handling can result in system crashes or undefined behavior when accessing freed memor...

kernel: ACPI: fix NULL pointer dereference

A vulnerability was found in the Linux kernel’s ACPI subsystem, where the acpidevput function could attempt to operate on a NULL pointer, leads to a system crash due to a NULL pointer dereference, causing instability when managing ACPI devices...

kernel: tty: Fix out-of-bound vmalloc access in imageblit

A vulnerability was found in the Linux kernel's tty subsystem within the imageblit function when a userspace program performs an ioctl operation with the FBIOPUTVSCREENINFO command, passing a fbvarscreeninfo structure with limited fields. If the structure’s values remain unchanged from a previous...

kernel: net: fix out-of-bounds access in ops_init

An out-of-bounds memory access flaw was found in the Linux kernel’s networking subsystem in how a local user triggers a complex race condition. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

A vulnerability was found in the Linux kernel's ngsm driver, affecting the tty subsystem. It occurs when switching between basic and advanced option modes in GSM multiplexing, leading to potential out-of-bounds memory writes. This happens because certain state variables, like gsm-len and gsm-stat...

kernel: net: fix possible store tearing in neigh_periodic_work()

A flaw was found in the Linux kernel that allows for potential store tearing within the neighperiodicwork function, meaning a write operation on a value is not protected properly and could result in inconsistencies if another process or thread reads from that value before the operation is complet...