| Description: | Summary:
The remote host is missing an update for the 'linux-azure, linux-bluefield' package(s) announced via the USN-7088-2 advisory.
Vulnerability Insight:
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the
Linux kernel contained an integer overflow vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-36402)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture,
- PowerPC architecture,
- User-Mode Linux (UML),
- x86 architecture,
- Block layer subsystem,
- Cryptographic API,
- Android drivers,
- Serial ATA and Parallel ATA drivers,
- ATM drivers,
- Drivers core,
- CPU frequency scaling framework,
- Device frequency scaling framework,
- GPU drivers,
- HID subsystem,
- Hardware monitoring drivers,
- InfiniBand drivers,
- Input Device core drivers,
- Input Device (Miscellaneous) drivers,
- IOMMU subsystem,
- IRQ chip drivers,
- ISDN/mISDN subsystem,
- LED subsystem,
- Multiple devices driver,
- Media drivers,
- EEPROM drivers,
- VMware VMCI Driver,
- MMC subsystem,
- Network drivers,
- Near Field Communication (NFC) drivers,
- NVME drivers,
- Device tree and open firmware driver,
- Parport drivers,
- PCI subsystem,
- Pin controllers subsystem,
- Remote Processor subsystem,
- S/390 drivers,
- SCSI drivers,
- QCOM SoC drivers,
- Direct Digital Synthesis drivers,
- TTY drivers,
- Userspace I/O drivers,
- DesignWare USB3 driver,
- USB Gadget drivers,
- USB Serial drivers,
- BTRFS file system,
- File systems infrastructure,
- Ext4 file system,
- F2FS file system,
- JFS file system,
- NILFS2 file system,
- BPF subsystem,
- Core kernel,
- DMA mapping infrastructure,
- Tracing infrastructure,
- Radix Tree data structure library,
- Kernel userspace event delivery library,
- Objagg library,
- Memory management,
- Amateur Radio drivers,
- Bluetooth subsystem,
- CAN network layer,
- Networking core,
- Ethtool driver,
- IPv4 networking,
- IPv6 networking,
- IUCV driver,
- KCM (Kernel Connection Multiplexor) sockets driver,
- MAC80211 subsystem,
- Netfilter,
- Network traffic control,
- SCTP protocol,
- Sun RPC protocol,
- TIPC protocol,
- TLS protocol,
- Wireless networking,
- AppArmor security module,
- Simplified Mandatory Access Control Kernel framework,
- SoC audio core drivers,
- USB sound devices,
(CVE-2024-46714, CVE-2024-42288, CVE-2024-42290, CVE-2024-44987,
CVE-2024-41090, CVE-2024-42313, CVE-2024-46689, CVE-2024-46737,
CVE-2024-44946, CVE-2024-44999, CVE-2024-44935, CVE-2024-38602,
CVE-2024-43883, CVE-2024-26607, CVE-2024-41091, CVE-2024-45025,
CVE-2024-42305, CVE-2024-26891, CVE-2024-41073, CVE-2024-44969,
CVE-2024-26641, CVE-2024-46719, CVE-2024-40929, CVE-2024-46721,
CVE-2024-46740, CVE-2024-41012, CVE-2024-42280, CVE-2024-46738,
CVE-2024-46722, CVE-2024-42246, CVE-2024-41063, CVE-2024-41072,
CVE-2024-41068, CVE-2024-43884, ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux-azure, linux-bluefield' package(s) on Ubuntu 20.04.
Solution:
Please install the updated package(s).
CVSS Score:
9.0
CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
