Description:
Summary: The remote host is missing an update for the 'linux-xilinx-zynqmp' package(s) announced via the USN-7179-4 advisory.
Vulnerability Insight: Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-12351)
Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). (CVE-2020-12352)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the Linux kernel did not properly handle event advertisements of certain sizes, leading to a heap-based buffer overflow. A physically proximate remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-24490)
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- GPU drivers
- Media drivers
- Network drivers
- SMB network file system
- Bluetooth subsystem
- Amateur Radio drivers
- Network traffic control
- VMware vSockets driver
(CVE-2024-43904, CVE-2024-35963, CVE-2024-35967, CVE-2024-40973, CVE-2024-26822, CVE-2024-35965, CVE-2024-40910, CVE-2024-38553, CVE-2024-53057, CVE-2024-50264, CVE-2024-35966)
Affected Software/OS: 'linux-xilinx-zynqmp' package(s) on Ubuntu 22.04.
Solution: Please install the updated package(s).
CVSS Score: 5.8
CVSS Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P