| Description: | Summary:
The remote host is missing an update for the 'linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5' package(s) announced via the USN-6895-3 advisory.
Vulnerability Insight:
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
It was discovered that the HugeTLB file system component of the Linux
Kernel contained a NULL pointer dereference vulnerability. A privileged
attacker could possibly use this to to cause a denial of service.
(CVE-2024-0841)
It was discovered that the Open vSwitch implementation in the Linux kernel
could overflow its stack during recursive action operations under certain
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-1151)
Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)
Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture,
- PowerPC architecture,
- x86 architecture,
- Cryptographic API,
- Android drivers,
- Block layer subsystem,
- Bluetooth drivers,
- DMA engine subsystem,
- GPU drivers,
- HID subsystem,
- Hardware monitoring drivers,
- I2C subsystem,
- IIO ADC drivers,
- IIO subsystem,
- IIO Magnetometer sensors drivers,
- InfiniBand drivers,
- On-Chip Interconnect management framework,
- Multiple devices driver,
- Media drivers,
- Network drivers,
- PHY drivers,
- MediaTek PM domains,
- SCSI drivers,
- TTY drivers,
- USB subsystem,
- DesignWare USB3 driver,
- Framebuffer layer,
- AFS file system,
- BTRFS file system,
- Ceph distributed file system,
- Ext4 file system,
- File systems infrastructure,
- NILFS2 file system,
- NTFS3 file system,
- SMB network file system,
- Core kernel,
- Memory management,
- Bluetooth subsystem,
- CAN network layer,
- Devlink API,
- Handshake API,
- HSR network protocol,
- IPv4 networking,
- IPv6 networking,
- MAC80211 subsystem,
- Multipath TCP,
- Netfilter,
- NFC subsystem,
- RxRPC session sockets,
- TIPC protocol,
- Unix domain sockets,
- Realtek audio codecs,
(CVE-2024-26922, CVE-2024-26691, CVE-2024-26698, CVE-2024-26696,
CVE-2024-26688, CVE-2024-26734, CVE-2024-26660, CVE-2024-26736,
CVE-2024-26600, CVE-2024-26826, CVE-2024-26890, CVE-2023-52643,
CVE-2024-26917, CVE-2024-26676, CVE-2024-26916, CVE-2024-26919,
CVE-2024-26662, CVE-2024-26714, CVE-2023-52880, ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux-aws-6.5, linux-lowlatency-hwe-6.5, linux-oracle-6.5, linux-starfive-6.5' package(s) on Ubuntu 22.04.
Solution:
Please install the updated package(s).
CVSS Score:
6.8
CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C
|
