Sony: 明確な認証不備および潜在的な中間者攻撃の可能性（Clear Authentication Deficiencies & Potential for Man-in-the-Middle Attacks）

The WH-1000XM5 headphones were found to have an authentication vulnerability that allowed an attacker to connect to the device without going through the proper pairing process. This vulnerability could be combined with existing Bluetooth attacks to enable man-in-the-middle attacks...

USN-6923-2: Linux kernel vulnerabilities

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...

USN-6924-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM SCMI message protocol; - InfiniBand drivers; - TTY drivers; - TLS protocol; CVE-2024-26584, CVE-2024-36016,...

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach...

Phoniebox Security Breach

Phoniebox is a contactless jukebox for the Raspberry Pi by the individual developer Micz Flor. A security vulnerability exists in Phoniebox version 2.7 and earlier, which stems from insecure handling of the GET header parameter file contained in requests, and is vulnerable to shell command...

USN-6872-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystem: - Netfilter; CVE-2024-26809, CVE-2024-26643, CVE-2024-26925, CVE-2024-26924...

USN-6868-1: Linux kernel vulnerabilities

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability CVE-2022-0001 were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive...

DEBIAN-CVE-2024-39461

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign -num before accessing -hws Commit f316cdff8d67 "clk: Annotate struct clkhwonecelldata with countedby" annotated the hws member of 'struct clkhwonecelldata' with countedby, which informs the bounds sanitizer...

UBUNTU-CVE-2024-39461

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign -num before accessing -hws Commit f316cdff8d67 "clk: Annotate struct clkhwonecelldata with countedby" annotated the hws member of 'struct clkhwonecelldata' with countedby, which informs the bounds sanitizer...

Malicious code in raspberry-getinfo (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-5850 Malicious code in raspberry-getinfo (PyPI)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-35932

A flaw was found in the vc4 module in the Linux kernel. In some conditions, an invalid check can cause an improper update of reference count, causing a use-after-free and resulting in a denial of service...

AZL-67691 CVE-2024-35932 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane-state-fb == state-fb Currently, when using non-blocking commits, we can see the following kernel warning: 110.908514 ------------ cut here ------------ 110.908529 refcountt: underflow; use-after-free...

CVE-2024-35932

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane-state-fb == state-fb Currently, when using non-blocking commits, we can see the following kernel warning: 110.908514 ------------ cut here ------------ 110.908529 refcountt: underflow; use-after-free...

CVE-2024-35932 drm/vc4: don't check if plane->state->fb == state->fb

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane-state-fb == state-fb Currently, when using non-blocking commits, we can see the following kernel warning: 110.908514 ------------ cut here ------------ 110.908529 refcountt: underflow; use-after-free...

USN-6742-1: Linux kernel vulnerabilities

Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to...

USN-6724-2: Linux kernel vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...

Raspberry Robin Expands Reach via WSF

...

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files

Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files WSFs since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its...

USN-6726-1: Linux kernel vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...