Pratyush Yadav discovered that the Xen network backend implementation in
the Linux kernel did not properly handle zero-length data requests, leading
to a null pointer dereference vulnerability. An attacker in a guest VM
could possibly use this to cause a denial of service (host domain crash).
(CVE-2023-46838)

It was discovered that the IPv6 implementation of the Linux kernel did not
properly manage route cache memory usage. A remote attacker could use this
to cause a denial of service (memory exhaustion). (CVE-2023-52340)

It was discovered that the device mapper driver in the Linux kernel did not
properly validate target size during certain memory allocations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-52429, CVE-2024-23851)

Dan Carpenter discovered that the netfilter subsystem in the Linux kernel
did not store data in properly sized memory locations. A local user could
use this to cause a denial of service (system crash). (CVE-2024-0607)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Architecture specifics;
– Cryptographic API;
– Android drivers;
– EDAC drivers;
– GPU drivers;
– Media drivers;
– MTD block device drivers;
– Network drivers;
– NVME drivers;
– TTY drivers;
– Userspace I/O drivers;
– F2FS file system;
– GFS2 file system;
– IPv6 Networking;
– AppArmor security module;
(CVE-2023-52464, CVE-2023-52448, CVE-2023-52457, CVE-2023-52443,
CVE-2023-52439, CVE-2023-52612, CVE-2024-26633, CVE-2024-26597,
CVE-2023-52449, CVE-2023-52444, CVE-2023-52609, CVE-2023-52469,
CVE-2023-52445, CVE-2023-52451, CVE-2023-52470, CVE-2023-52454,
CVE-2023-52436, CVE-2023-52438)