Category Archives: Advisories

USN-6766-1: Linux kernel vulnerabilities

Read Time:2 Minute, 44 Second

It was discovered that the Open vSwitch implementation in the Linux kernel
could overflow its stack during recursive action operations under certain
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-1151)

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– PowerPC architecture;
– S390 architecture;
– Core kernel;
– Block layer subsystem;
– Android drivers;
– Power management core;
– Bus devices;
– Hardware random number generator core;
– Cryptographic API;
– Device frequency;
– DMA engine subsystem;
– ARM SCMI message protocol;
– GPU drivers;
– HID subsystem;
– Hardware monitoring drivers;
– I2C subsystem;
– IIO ADC drivers;
– IIO subsystem;
– IIO Magnetometer sensors drivers;
– InfiniBand drivers;
– Media drivers;
– Network drivers;
– PCI driver for MicroSemi Switchtec;
– PHY drivers;
– SCSI drivers;
– DesignWare USB3 driver;
– BTRFS file system;
– Ceph distributed file system;
– Ext4 file system;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– NTFS3 file system;
– Pstore file system;
– SMB network file system;
– Memory management;
– CAN network layer;
– Networking core;
– HSR network protocol;
– IPv4 networking;
– IPv6 networking;
– Logical Link layer;
– Multipath TCP;
– Netfilter;
– NFC subsystem;
– SMC sockets;
– Sun RPC protocol;
– TIPC protocol;
– Unix domain sockets;
– Realtek audio codecs;
(CVE-2023-52594, CVE-2023-52601, CVE-2024-26826, CVE-2023-52622,
CVE-2024-26665, CVE-2023-52493, CVE-2023-52633, CVE-2024-26684,
CVE-2024-26663, CVE-2023-52618, CVE-2023-52588, CVE-2023-52637,
CVE-2024-26825, CVE-2023-52606, CVE-2024-26594, CVE-2024-26625,
CVE-2024-26720, CVE-2024-26614, CVE-2023-52627, CVE-2023-52602,
CVE-2024-26673, CVE-2024-26685, CVE-2023-52638, CVE-2023-52498,
CVE-2023-52619, CVE-2024-26910, CVE-2024-26689, CVE-2023-52583,
CVE-2024-26676, CVE-2024-26671, CVE-2024-26704, CVE-2024-26608,
CVE-2024-26610, CVE-2024-26592, CVE-2023-52599, CVE-2023-52595,
CVE-2024-26660, CVE-2023-52617, CVE-2024-26645, CVE-2023-52486,
CVE-2023-52631, CVE-2023-52607, CVE-2023-52608, CVE-2024-26722,
CVE-2024-26615, CVE-2023-52615, CVE-2024-26636, CVE-2023-52642,
CVE-2023-52587, CVE-2024-26712, CVE-2024-26675, CVE-2023-52614,
CVE-2024-26606, CVE-2024-26916, CVE-2024-26600, CVE-2024-26679,
CVE-2024-26829, CVE-2024-26641, CVE-2023-52623, CVE-2024-26627,
CVE-2024-26696, CVE-2024-26640, CVE-2024-26635, CVE-2023-52491,
CVE-2024-26664, CVE-2024-26602, CVE-2023-52604, CVE-2024-26717,
CVE-2023-52643, CVE-2024-26593, CVE-2023-52598, CVE-2024-26668,
CVE-2023-52435, CVE-2023-52597, CVE-2024-26715, CVE-2024-26707,
CVE-2023-52635, CVE-2024-26695, CVE-2024-26698, CVE-2023-52494,
CVE-2024-26920, CVE-2024-26808, CVE-2023-52616, CVE-2023-52492,
CVE-2024-26702, CVE-2024-26644, CVE-2023-52489, CVE-2024-26697)

Read More

A Vulnerability in Mozilla PDF.js Could Allow for Arbitrary Code Execution

Read Time:32 Second

A vulnerability has been discovered in Mozilla PDF.js could allow for arbitrary code execution. Mozilla PDF.js is a PDF viewer that is built into Mozilla Firefox and can be used by other web browsers. Exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-6765-1: Linux kernel (OEM) vulnerabilities

Read Time:3 Minute, 33 Second

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel
did not properly validate H2C PDU data, leading to a null pointer
dereference vulnerability. A remote attacker could use this to cause a
denial of service (system crash). (CVE-2023-6356, CVE-2023-6535,
CVE-2023-6536)

Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida
discovered that the Linux kernel mitigations for the initial Branch History
Injection vulnerability (CVE-2022-0001) were insufficient for Intel
processors. A local attacker could potentially use this to expose sensitive
information. (CVE-2024-2201)

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– PowerPC architecture;
– S390 architecture;
– Core kernel;
– x86 architecture;
– Block layer subsystem;
– Cryptographic API;
– Android drivers;
– Drivers core;
– Power management core;
– Bus devices;
– Hardware random number generator core;
– Device frequency;
– DMA engine subsystem;
– EDAC drivers;
– ARM SCMI message protocol;
– GPU drivers;
– IIO ADC drivers;
– InfiniBand drivers;
– IOMMU subsystem;
– Media drivers;
– Multifunction device drivers;
– MTD block device drivers;
– Network drivers;
– NVME drivers;
– PCI driver for MicroSemi Switchtec;
– x86 platform drivers;
– Power supply drivers;
– SCSI drivers;
– QCOM SoC drivers;
– SPMI drivers;
– Thermal drivers;
– TTY drivers;
– VFIO drivers;
– BTRFS file system;
– Ceph distributed file system;
– EFI Variable file system;
– EROFS file system;
– Ext4 file system;
– F2FS file system;
– GFS2 file system;
– JFS file system;
– Network file systems library;
– Network file system server daemon;
– Pstore file system;
– ReiserFS file system;
– SMB network file system;
– BPF subsystem;
– Memory management;
– TLS protocol;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Logical Link layer;
– Netfilter;
– Network traffic control;
– SMC sockets;
– Sun RPC protocol;
– AppArmor security module;
(CVE-2023-52635, CVE-2024-26632, CVE-2023-52468, CVE-2023-52472,
CVE-2023-52589, CVE-2024-26671, CVE-2024-26640, CVE-2024-26631,
CVE-2023-52489, CVE-2023-52616, CVE-2023-52445, CVE-2023-52463,
CVE-2024-26610, CVE-2023-52497, CVE-2023-52453, CVE-2023-52470,
CVE-2024-26649, CVE-2023-52583, CVE-2024-26644, CVE-2023-52607,
CVE-2023-52587, CVE-2024-26594, CVE-2023-52618, CVE-2023-52495,
CVE-2023-52632, CVE-2024-26583, CVE-2023-52633, CVE-2023-52591,
CVE-2024-26633, CVE-2023-52627, CVE-2024-26670, CVE-2024-26598,
CVE-2024-26592, CVE-2023-52473, CVE-2023-52623, CVE-2023-52446,
CVE-2023-52443, CVE-2023-52451, CVE-2024-26629, CVE-2023-52462,
CVE-2024-26808, CVE-2023-52598, CVE-2023-52611, CVE-2023-52492,
CVE-2023-52456, CVE-2023-52626, CVE-2023-52455, CVE-2024-26641,
CVE-2023-52588, CVE-2023-52608, CVE-2024-26618, CVE-2024-26582,
CVE-2023-52609, CVE-2023-52604, CVE-2024-26646, CVE-2024-26634,
CVE-2023-52469, CVE-2023-52467, CVE-2023-52447, CVE-2024-26623,
CVE-2023-52621, CVE-2024-26647, CVE-2024-26615, CVE-2023-52450,
CVE-2023-52619, CVE-2023-52610, CVE-2023-52606, CVE-2023-52464,
CVE-2023-52465, CVE-2024-26638, CVE-2023-52498, CVE-2024-26625,
CVE-2023-52449, CVE-2023-52584, CVE-2023-52454, CVE-2023-52458,
CVE-2024-26585, CVE-2024-26669, CVE-2023-52493, CVE-2024-26645,
CVE-2024-26607, CVE-2023-52615, CVE-2023-52617, CVE-2024-26612,
CVE-2024-26668, CVE-2023-52594, CVE-2023-52612, CVE-2024-26584,
CVE-2024-26586, CVE-2024-26616, CVE-2024-26673, CVE-2023-52448,
CVE-2024-26620, CVE-2023-52614, CVE-2024-26636, CVE-2023-52602,
CVE-2023-52452, CVE-2023-52601, CVE-2024-26635, CVE-2024-26627,
CVE-2023-52488, CVE-2023-52487, CVE-2023-52597, CVE-2023-52494,
CVE-2023-52444, CVE-2024-26608, CVE-2023-52593, CVE-2023-52491,
CVE-2023-52595, CVE-2023-52599, CVE-2024-26595, CVE-2023-52622,
CVE-2024-26650, CVE-2024-26614, CVE-2023-52490, CVE-2023-52486,
CVE-2023-52457)

Read More

USN-6764-1: libde265 vulnerability

Read Time:13 Second

It was discovered that libde265 could be made to allocate memory that
exceeds the maximum supported size. If a user or automated system were
tricked into opening a specially crafted file, an attacker could possibly
use this issue to cause a denial of service.

Read More

USN-6754-2: nghttp2 vulnerability

Read Time:47 Second

USN-6754-1 fixed vulnerabilities in nghttp2. This update provides the
corresponding update for Ubuntu 24.04 LTS.

Original advisory details:

It was discovered that nghttp2 incorrectly handled the HTTP/2
implementation. A remote attacker could possibly use this issue to cause
nghttp2 to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9511,
CVE-2019-9513)

It was discovered that nghttp2 incorrectly handled request cancellation. A
remote attacker could possibly use this issue to cause nghttp2 to consume
resources, leading to a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-44487)

It was discovered that nghttp2 could be made to process an unlimited number
of HTTP/2 CONTINUATION frames. A remote attacker could possibly use this
issue to cause nghttp2 to consume resources, leading to a denial of
service. (CVE-2024-28182)

Read More