Test ID:	1.3.6.1.4.1.25623.1.1.12.2024.6707.3
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6707-3)
Summary:	The remote host is missing an update for the 'linux-aws, linux-aws-6.5' package(s) announced via the USN-6707-3 advisory.
Description:	Summary: The remote host is missing an update for the 'linux-aws, linux-aws-6.5' package(s) announced via the USN-6707-3 advisory. Vulnerability Insight: Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1085) Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-1086) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers, - PWM drivers, (CVE-2024-26597, CVE-2024-26599) Affected Software/OS: 'linux-aws, linux-aws-6.5' package(s) on Ubuntu 22.04, Ubuntu 23.10. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-1085 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 Common Vulnerability Exposure (CVE) ID: CVE-2024-1086 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/ https://github.com/Notselwyn/CVE-2024-1086 https://news.ycombinator.com/item?id=39828424 https://pwning.tech/nftables/ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660 https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660 http://www.openwall.com/lists/oss-security/2024/04/10/23 http://www.openwall.com/lists/oss-security/2024/04/10/22 http://www.openwall.com/lists/oss-security/2024/04/14/1 http://www.openwall.com/lists/oss-security/2024/04/15/2 http://www.openwall.com/lists/oss-security/2024/04/17/5 Common Vulnerability Exposure (CVE) ID: CVE-2024-26597 https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5 https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590 https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1 https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447 https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468 https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534 Common Vulnerability Exposure (CVE) ID: CVE-2024-26599 https://git.kernel.org/stable/c/7b85554c7c2aee91171e038e4d5442ffa130b282 https://git.kernel.org/stable/c/a297d07b9a1e4fb8cda25a4a2363a507d294b7c9 https://git.kernel.org/stable/c/bae45b7ebb31984b63b13c3519fd724b3ce92123 https://git.kernel.org/stable/c/e5f2b4b62977fb6c2efcbc5779e0c9dce18215f7
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.