USN-7234-1: Linux kernel vulnerabilities

Read Time:30 Second

Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– TTY drivers;
– Netfilter;
– Network traffic control;
– VMware vSockets driver;
(CVE-2024-53141, CVE-2024-53103, CVE-2024-40967, CVE-2024-53164)

CISA Denies Reports of Shift in Cybersecurity Posture Amid Russian Threats

Phishing Campaign Uses Havoc Framework to Control Infected Systems

Stop targeting Russian hackers, Trump administration orders US Cyber Command

Vodafone Trials Quantum-Safe Tech to Protect Smartphone Browsing

ICO Launches TikTok Investigation Over Use of Children’s Data

BYOVD Attacks Exploit Zero-Day in Paragon Partition Manager

Friday Squid Blogging: Eating Bioluminescent Squid

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Third-Party Attacks Drive Major Financial Losses in 2024

USN-7234-1: Linux kernel vulnerabilities

USN-7294-4: Linux kernel vulnerabilities

USN-7303-3: Linux kernel vulnerabilities

USN-7316-1: Raptor vulnerabilities

USN-7315-1: PostgreSQL vulnerability

USN-7314-1: Kerberos vulnerabilities

USN-7313-1: Erlang vulnerability