| Description: | Summary:
The remote host is missing an update for the 'linux-intel-iotg-5.15' package(s) announced via the USN-6828-1 advisory.
Vulnerability Insight:
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
It was discovered that the Atheros 802.11ac wireless driver did not
properly validate certain data structures, leading to a NULL pointer
dereference. An attacker could possibly use this to cause a denial of
service. (CVE-2023-7042)
It was discovered that the HugeTLB file system component of the Linux
Kernel contained a NULL pointer dereference vulnerability. A privileged
attacker could possibly use this to to cause a denial of service.
(CVE-2024-0841)
It was discovered that the Open vSwitch implementation in the Linux kernel
could overflow its stack during recursive action operations under certain
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-1151)
Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
Kernel contained a race condition, leading to a NULL pointer dereference.
An attacker could possibly use this to cause a denial of service (system
crash). (CVE-2024-22099)
Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture,
- PowerPC architecture,
- RISC-V architecture,
- S390 architecture,
- Core kernel,
- x86 architecture,
- Block layer subsystem,
- ACPI drivers,
- Android drivers,
- Power management core,
- Bus devices,
- Hardware random number generator core,
- Clock framework and drivers,
- CPU frequency scaling framework,
- Cryptographic API,
- Device frequency scaling framework,
- DMA engine subsystem,
- ARM SCMI message protocol,
- EFI core,
- GPU drivers,
- HID subsystem,
- Hardware monitoring drivers,
- I2C subsystem,
- IIO ADC drivers,
- IIO subsystem,
- IIO Magnetometer sensors drivers,
- InfiniBand drivers,
- IOMMU ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux-intel-iotg-5.15' package(s) on Ubuntu 20.04.
Solution:
Please install the updated package(s).
CVSS Score:
7.7
CVSS Vector:
AV:A/AC:L/Au:S/C:C/I:C/A:C
|
