Category Archives: Advisories

USN-6816-1: Linux kernel vulnerabilities

Read Time:6 Minute, 5 Second

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)

It was discovered that the Atheros 802.11ac wireless driver did not
properly validate certain data structures, leading to a NULL pointer
dereference. An attacker could possibly use this to cause a denial of
service. (CVE-2023-7042)

It was discovered that the Intel Data Streaming and Intel Analytics
Accelerator drivers in the Linux kernel allowed direct access to the
devices for unprivileged users and virtual machines. A local attacker could
use this to cause a denial of service. (CVE-2024-21823)

Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)

Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

It was discovered that the MediaTek SoC Gigabit Ethernet driver in the
Linux kernel contained a race condition when stopping the device. A local
attacker could possibly use this to cause a denial of service (device
unavailability). (CVE-2024-27432)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– PowerPC architecture;
– x86 architecture;
– Block layer subsystem;
– ACPI drivers;
– Bluetooth drivers;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Cryptographic API;
– DPLL subsystem;
– ARM SCMI message protocol;
– EFI core;
– GPU drivers;
– InfiniBand drivers;
– IOMMU subsystem;
– LED subsystem;
– Multiple devices driver;
– Media drivers;
– MMC subsystem;
– Network drivers;
– NTB driver;
– NVME drivers;
– PCI subsystem;
– Powercap sysfs driver;
– SCSI drivers;
– Freescale SoC drivers;
– SPI subsystem;
– Media staging drivers;
– Thermal drivers;
– TTY drivers;
– USB subsystem;
– DesignWare USB3 driver;
– VFIO drivers;
– Backlight driver;
– Virtio drivers;
– Xen hypervisor drivers;
– AFS file system;
– File systems infrastructure;
– BTRFS file system;
– debug file system;
– Ext4 file system;
– F2FS file system;
– FAT file system;
– Network file system client;
– NILFS2 file system;
– Overlay file system;
– Pstore file system;
– Diskquota system;
– SMB network file system;
– UBI file system;
– io_uring subsystem;
– BPF subsystem;
– Core kernel;
– Memory management;
– Bluetooth subsystem;
– Networking core;
– HSR network protocol;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– IEEE 802.15.4 subsystem;
– Netfilter;
– Packet sockets;
– Network traffic control;
– Sun RPC protocol;
– ALSA SH drivers;
– SOF drivers;
– USB sound devices;
– KVM core;
(CVE-2024-35822, CVE-2024-26859, CVE-2024-26967, CVE-2024-27053,
CVE-2024-27064, CVE-2024-27437, CVE-2024-26931, CVE-2024-26870,
CVE-2024-26927, CVE-2024-26880, CVE-2024-35789, CVE-2024-26929,
CVE-2024-27034, CVE-2024-26816, CVE-2024-26896, CVE-2024-26975,
CVE-2024-26972, CVE-2024-26937, CVE-2024-27032, CVE-2024-26871,
CVE-2024-26655, CVE-2024-35829, CVE-2024-26886, CVE-2023-52653,
CVE-2024-27028, CVE-2024-26877, CVE-2024-26898, CVE-2024-35796,
CVE-2024-27065, CVE-2024-35807, CVE-2024-26966, CVE-2024-35826,
CVE-2024-27067, CVE-2024-27039, CVE-2024-35811, CVE-2024-26895,
CVE-2024-26814, CVE-2024-26893, CVE-2023-52649, CVE-2024-35801,
CVE-2023-52648, CVE-2024-27048, CVE-2024-26934, CVE-2024-27049,
CVE-2024-26890, CVE-2024-26874, CVE-2022-48669, CVE-2023-52661,
CVE-2024-27436, CVE-2024-27058, CVE-2024-26935, CVE-2024-26956,
CVE-2024-26960, CVE-2024-26976, CVE-2024-27041, CVE-2024-26873,
CVE-2024-26946, CVE-2024-27080, CVE-2024-27432, CVE-2023-52650,
CVE-2024-26879, CVE-2023-52647, CVE-2024-27435, CVE-2024-27038,
CVE-2024-26951, CVE-2024-27390, CVE-2024-26863, CVE-2024-26959,
CVE-2024-35794, CVE-2024-26889, CVE-2024-35845, CVE-2024-27433,
CVE-2024-26961, CVE-2024-35803, CVE-2024-26653, CVE-2024-26939,
CVE-2024-26872, CVE-2024-26979, CVE-2024-26973, CVE-2024-27029,
CVE-2024-35831, CVE-2024-26892, CVE-2024-26888, CVE-2024-27074,
CVE-2024-35844, CVE-2024-26938, CVE-2024-26953, CVE-2024-27391,
CVE-2024-35843, CVE-2024-27040, CVE-2024-26875, CVE-2024-27026,
CVE-2024-26978, CVE-2024-26882, CVE-2023-52652, CVE-2023-52662,
CVE-2024-26963, CVE-2024-26962, CVE-2024-27051, CVE-2024-27068,
CVE-2024-26881, CVE-2024-35800, CVE-2024-26964, CVE-2024-27389,
CVE-2024-27043, CVE-2024-26901, CVE-2024-26941, CVE-2024-35798,
CVE-2024-35799, CVE-2024-26952, CVE-2024-26654, CVE-2024-27046,
CVE-2024-35810, CVE-2024-27050, CVE-2024-27063, CVE-2024-26954,
CVE-2024-26884, CVE-2024-27047, CVE-2024-26932, CVE-2024-26883,
CVE-2024-26943, CVE-2024-26651, CVE-2024-26815, CVE-2024-26948,
CVE-2024-27066, CVE-2024-27037, CVE-2024-35806, CVE-2024-26869,
CVE-2024-26878, CVE-2024-26810, CVE-2024-35797, CVE-2024-27073,
CVE-2024-26812, CVE-2024-26933, CVE-2024-26809, CVE-2024-26894,
CVE-2024-35813, CVE-2024-27033, CVE-2024-26876, CVE-2024-27076,
CVE-2024-27045, CVE-2024-27079, CVE-2024-26861, CVE-2024-26957,
CVE-2024-26864, CVE-2024-26866, CVE-2024-35814, CVE-2024-26813,
CVE-2024-27388, CVE-2024-27042, CVE-2024-26862, CVE-2024-26968,
CVE-2024-26940, CVE-2024-27027, CVE-2024-35793, CVE-2024-35874,
CVE-2024-27035, CVE-2024-26958, CVE-2024-26887, CVE-2024-35809,
CVE-2024-26930, CVE-2024-35819, CVE-2024-27392, CVE-2024-35808,
CVE-2023-52644, CVE-2024-35828, CVE-2024-26657, CVE-2024-26969,
CVE-2024-27434, CVE-2024-35821, CVE-2023-52663, CVE-2024-27078,
CVE-2024-35787, CVE-2024-27044, CVE-2024-26848, CVE-2024-26955,
CVE-2024-26899, CVE-2024-27077, CVE-2024-26897, CVE-2024-26945,
CVE-2024-26885, CVE-2024-27069, CVE-2024-27070, CVE-2024-27054,
CVE-2024-35795, CVE-2024-35817, CVE-2024-35827, CVE-2024-26656,
CVE-2024-26860, CVE-2024-26942, CVE-2023-52659, CVE-2024-26865,
CVE-2024-26868, CVE-2024-26947, CVE-2024-35788, CVE-2024-26950,
CVE-2024-27030, CVE-2024-26949, CVE-2024-26900, CVE-2024-26971,
CVE-2024-35805, CVE-2024-26977, CVE-2024-26944, CVE-2024-27036,
CVE-2024-26965, CVE-2024-26891, CVE-2024-27071, CVE-2024-27075,
CVE-2024-27072, CVE-2024-35830, CVE-2024-27052, CVE-2024-26970,
CVE-2024-27031)

Read More

A Vulnerability in SolarWinds Serv-U Could Allow for Path Transversal

Read Time:31 Second

A vulnerability has been discovered in SolarWinds Serv-U that could allow for path transversal that could lead to disclosure of sensitive information. SolarWinds Serv-U is a managed file transfer solution used to store and share files across an enterprise network. It can be hosted on both Windows and Linux-based servers. Successful exploitation of this vulnerability could allow for the disclosure of sensitive information in the context of the files and directories. Depending on the permissions associated with the files, an attacker could view content within them. Files with stricter access controls and file permissions could be less impacted than those without.

Read More

tomcat-9.0.89-1.fc40

Read Time:17 Second

FEDORA-2024-c404b99f19

Packages in this update:

tomcat-9.0.89-1.fc40

Update description:

This update includes a rebase from 9.0.83 to 9.0.89.

#2269611 CVE-2024-24549 tomcat: CVE-2024-24549: Apache Tomcat: HTTP/2 header handling DoS
#2269612 CVE-2024-23672 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake

Read More

Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution

Read Time:30 Second

Multiple vulnerabilities have been discovered in PHP which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-6815-1: AOM vulnerability

Read Time:11 Second

Xiantong Hou discovered that AOM did not properly handle certain malformed
media files. If an application using AOM opened a specially crafted file, a
remote attacker could cause a denial of service, or possibly execute
arbitrary code.

Read More

USN-6814-1: libvpx vulnerability

Read Time:11 Second

Xiantong Hou discovered that libvpx did not properly handle certain
malformed media files. If an application using libvpx opened a specially
crafted file, a remote attacker could cause a denial of service, or
possibly execute arbitrary code.

Read More

USN-6567-2: QEMU regression

Read Time:3 Minute, 16 Second

USN-6567-1 fixed vulnerabilities QEMU. The fix for CVE-2023-2861 was too
restrictive and introduced a behaviour change leading to a regression in
certain environments. This update fixes the problem.

Original advisory details:

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the
USB xHCI controller device. A privileged guest attacker could possibly use
this issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)

It was discovered that QEMU incorrectly handled the TCG Accelerator. A
local attacker could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly execute arbitrary code and esclate
privileges. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-24165)

It was discovered that QEMU incorrectly handled the Intel HD audio device.
A malicious guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2021-3611)

It was discovered that QEMU incorrectly handled the ATI VGA device. A
malicious guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-3638)

It was discovered that QEMU incorrectly handled the VMWare paravirtual RDMA
device. A malicious guest attacker could use this issue to cause QEMU to
crash, leading to a denial of service. (CVE-2023-1544)

It was discovered that QEMU incorrectly handled the 9p passthrough
filesystem. A malicious guest attacker could possibly use this issue to
open special files and escape the exported 9p tree. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-2861)

It was discovered that QEMU incorrectly handled the virtual crypto device.
A malicious guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-3180)

It was discovered that QEMU incorrectly handled the built-in VNC server.
A remote authenticated attacker could possibly use this issue to cause QEMU
to stop responding, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-3255)

It was discovered that QEMU incorrectly handled net device hot-unplugging.
A malicious guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 23.04. (CVE-2023-3301)

It was discovered that QEMU incorrectly handled the built-in VNC server.
A remote attacker could possibly use this issue to cause QEMU to crash,
resulting in a denial of service. This issue only affected Ubuntu 20.04
LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-3354)

It was discovered that QEMU incorrectly handled NVME devices. A malicious
guest attacker could use this issue to cause QEMU to crash, leading to a
denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-40360)

It was discovered that QEMU incorrectly handled NVME devices. A malicious
guest attacker could use this issue to cause QEMU to crash, leading to a
denial of service, or possibly obtain sensitive information. This issue
only affected Ubuntu 23.10. (CVE-2023-4135)

It was discovered that QEMU incorrectly handled SCSI devices. A malicious
guest attacker could use this issue to cause QEMU to crash, leading to a
denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.
(CVE-2023-42467)

It was discovered that QEMU incorrectly handled certain disk offsets. A
malicious guest attacker could possibly use this issue to gain control of
the host in certain nested virtualization scenarios. (CVE-2023-5088)

Read More