MGASA-2024-0310 Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.50 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

MGASA-2024-0266 Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.37 fix bugs and vulnerabilities. For information about the vulnerabilities see the links...

PT-2024-14773

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the MediaTek vcodec driver in the Linux kernel. The mtk vcodec mem free function is mostly called when the buffer to free exists, but there are instances where th...

Information disclosure

Rejected reason: The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/email protected and https://bugzilla.suse.com/showbug.cgi?id=1215932 for more information...

UBUNTU-CVE-2023-4610

Rejected reason: The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/[email protected] and https://bugzilla.suse.com/showbug.cgi?id=1215932 for more information...

SUSE CVE-2023-4610

The SRCU code was added in upstream kernel v6.4-rc1 and removed before v6.4. This bug only existed in development kernels. Please see https://lore.kernel.org/all/[email protected] and https://bugzilla.suse.com/showbug.cgi?id=1215932 for more information...

SUSE CVE-2023-4205

This was deemed as a false positive both by the reporter and upstream kernel...

Design/Logic Flaw

Rejected reason: This was deemed as a false positive both by the reporter and upstream kernel...

UBUNTU-CVE-2023-4205

Rejected reason: This was deemed as a false positive both by the reporter and upstream kernel...

CVE-2023-4205

CVE-2023-4205 entry is rejected/not used; not an active vulnerability.

CVE-2023-21102

In efirtasmwrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

Code injection

In efirtasmwrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

Double free

In adrenosetparam of adrenogpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2023-21106

In adrenosetparam of adrenogpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2023-21106

In adrenosetparam of adrenogpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2023-21102

In efirtasmwrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

CVE-2023-21102

In efirtasmwrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

CVE-2023-21106

In adrenosetparam of adrenogpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Out-of-bounds

In accctrlrequestcomposite of faccessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android...

UBUNTU-CVE-2023-20941

In accctrlrequestcomposite of faccessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android...