| Description: | Summary:
The remote host is missing an update for the 'linux-azure, linux-azure-fde' package(s) announced via the USN-6821-4 advisory.
Vulnerability Insight:
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
It was discovered that the Atheros 802.11ac wireless driver did not
properly validate certain data structures, leading to a NULL pointer
dereference. An attacker could possibly use this to cause a denial of
service. (CVE-2023-7042)
It was discovered that the HugeTLB file system component of the Linux
Kernel contained a NULL pointer dereference vulnerability. A privileged
attacker could possibly use this to to cause a denial of service.
(CVE-2024-0841)
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
Kernel contained a race condition, leading to a NULL pointer dereference.
An attacker could possibly use this to cause a denial of service (system
crash). (CVE-2024-22099)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture,
- RISC-V architecture,
- x86 architecture,
- ACPI drivers,
- Block layer subsystem,
- Clock framework and drivers,
- CPU frequency scaling framework,
- Cryptographic API,
- DMA engine subsystem,
- EFI core,
- GPU drivers,
- InfiniBand drivers,
- IOMMU subsystem,
- Multiple devices driver,
- Media drivers,
- MMC subsystem,
- Network drivers,
- NTB driver,
- NVME drivers,
- PCI subsystem,
- MediaTek PM domains,
- Power supply drivers,
- SPI subsystem,
- Media staging drivers,
- TCM subsystem,
- USB subsystem,
- Framebuffer layer,
- AFS file system,
- File systems infrastructure,
- BTRFS file system,
- EROFS file system,
- Ext4 file system,
- F2FS file system,
- Network file system client,
- NTFS3 file system,
- Diskquota system,
- SMB network file system,
- BPF subsystem,
- Netfilter,
- TLS protocol,
- io_uring subsystem,
- Bluetooth subsystem,
- Memory management,
- Ethernet bridge,
- Networking core,
- HSR network protocol,
- IPv4 networking,
- IPv6 networking,
- L2TP protocol,
- MAC80211 subsystem,
- Multipath TCP,
- Netlink,
- NET/ROM layer,
- Packet sockets,
- RDS protocol,
- Sun RPC protocol,
- Unix domain sockets,
- Wireless networking,
- USB sound devices,
(CVE-2024-35830, CVE-2024-27052, CVE-2023-52620, CVE-2024-26903,
CVE-2024-27413, CVE-2024-26766, CVE-2024-27077, CVE-2024-27044,
CVE-2024-27076, CVE-2024-26833, CVE-2024-26874, CVE-2024-26863,
CVE-2023-52650, CVE-2024-26820, CVE-2024-26787, CVE-2023-52656,
CVE-2024-26651, CVE-2024-27065, CVE-2024-27053, CVE-2024-26583,
CVE-2024-26774, CVE-2024-26782, CVE-2023-52640, CVE-2024-26838,
CVE-2024-27410, CVE-2024-26870, CVE-2024-27024, CVE-2024-26891,
CVE-2024-26889, CVE-2024-26897, CVE-2024-26857, ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux-azure, linux-azure-fde' package(s) on Ubuntu 22.04.
Solution:
Please install the updated package(s).
CVSS Score:
7.7
CVSS Vector:
AV:A/AC:L/Au:S/C:C/I:C/A:C
|
