| Summary: | The remote host is missing an update for the 'linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-oem-6.8, linux-raspi' package(s) announced via the USN-6921-1 advisory. |
| Description: | Summary:
The remote host is missing an update for the 'linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-oem-6.8, linux-raspi' package(s) announced via the USN-6921-1 advisory.
Vulnerability Insight:
Benedict Schluter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem,
- HID subsystem,
- I2C subsystem,
- PHY drivers,
- TTY drivers,
- IPv4 networking,
(CVE-2024-35990, CVE-2024-35997, CVE-2024-35992, CVE-2024-35984,
CVE-2024-36008, CVE-2024-36016)
Affected Software/OS:
'linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-oem-6.8, linux-raspi' package(s) on Ubuntu 24.04.
Solution:
Please install the updated package(s).
CVSS Score:
4.6
CVSS Vector:
AV:L/AC:L/Au:S/C:N/I:N/A:C
|
