Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– TTY drivers;
– Netfilter;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-53141, CVE-2024-53103, CVE-2024-40967, CVE-2024-53164)