Category Archives: Advisories

USN-6977-1: QEMU vulnerabilities

Read Time:22 Second

It was discovered that QEMU did not properly handle certain memory
operations, which could result in a buffer overflow. An attacker could
potentially use this issue to cause a denial of service. (CVE-2024-26327)

It was discovered that QEMU did not properly handle certain memory
operations, which could result in an out-of-bounds memory access. An
attacker could potentially use this issue to cause a denial of service.
(CVE-2024-26328)

Read More

USN-6974-1: Linux kernel vulnerabilities

Read Time:21 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– User-Mode Linux (UML);
– MMC subsystem;
– Network drivers;
– GFS2 file system;
– IPv4 networking;
– IPv6 networking;
(CVE-2024-26921, CVE-2023-52629, CVE-2024-26680, CVE-2024-26830,
CVE-2024-39484, CVE-2024-39292, CVE-2024-36901, CVE-2023-52760)

Read More

USN-6973-1: Linux kernel vulnerabilities

Read Time:34 Second

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– MMC subsystem;
– Network drivers;
– SCSI drivers;
– GFS2 file system;
– IPv4 networking;
– IPv6 networking;
– HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)

Read More

USN-6972-1: Linux kernel vulnerabilities

Read Time:59 Second

Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
Kernel contained a race condition, leading to a NULL pointer dereference.
An attacker could possibly use this to cause a denial of service (system
crash). (CVE-2024-22099)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– User-Mode Linux (UML);
– GPU drivers;
– MMC subsystem;
– Network drivers;
– PHY drivers;
– Pin controllers subsystem;
– Xen hypervisor drivers;
– GFS2 file system;
– Core kernel;
– Bluetooth subsystem;
– IPv4 networking;
– IPv6 networking;
– HD-audio driver;
– ALSA SH drivers;
(CVE-2024-26903, CVE-2024-35835, CVE-2023-52644, CVE-2024-39292,
CVE-2024-36940, CVE-2024-26600, CVE-2023-52629, CVE-2024-35955,
CVE-2023-52760, CVE-2023-52806, CVE-2024-39484, CVE-2024-26679,
CVE-2024-26654, CVE-2024-36901, CVE-2024-26687, CVE-2023-52470)

Read More

USN-6971-1: Linux kernel vulnerabilities

Read Time:23 Second

It was discovered that the Option USB High Speed Mobile device driver in
the Linux kernel did not properly handle error conditions. A physically
proximate attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2021-37159)

A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects flaws in the following subsystem:
– Network drivers;
(CVE-2021-46904)

Read More

USN-6950-4: Linux kernel (HWE) vulnerabilities

Read Time:1 Minute, 17 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– Block layer subsystem;
– Bluetooth drivers;
– Clock framework and drivers;
– FireWire subsystem;
– GPU drivers;
– InfiniBand drivers;
– Multiple devices driver;
– EEPROM drivers;
– Network drivers;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– 9P distributed file system;
– Network file system client;
– SMB network file system;
– Socket messages infrastructure;
– Dynamic debug library;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Multipath TCP;
– NSH protocol;
– Phonet protocol;
– TIPC protocol;
– Wireless networking;
– Key management;
– ALSA framework;
– HD-audio driver;
(CVE-2024-36883, CVE-2024-36940, CVE-2024-36902, CVE-2024-36975,
CVE-2024-36964, CVE-2024-36938, CVE-2024-36931, CVE-2024-35848,
CVE-2024-26900, CVE-2024-36967, CVE-2024-36904, CVE-2024-27398,
CVE-2024-36031, CVE-2023-52585, CVE-2024-36886, CVE-2024-36937,
CVE-2024-36954, CVE-2024-36916, CVE-2024-36905, CVE-2024-36959,
CVE-2024-26980, CVE-2024-26936, CVE-2024-36928, CVE-2024-36889,
CVE-2024-36929, CVE-2024-36933, CVE-2024-27399, CVE-2024-36946,
CVE-2024-36906, CVE-2024-36965, CVE-2024-36957, CVE-2024-36941,
CVE-2024-36897, CVE-2024-36952, CVE-2024-36947, CVE-2024-36950,
CVE-2024-36880, CVE-2024-36017, CVE-2023-52882, CVE-2024-36969,
CVE-2024-38600, CVE-2024-36955, CVE-2024-36960, CVE-2024-27401,
CVE-2024-36919, CVE-2024-36934, CVE-2024-35947, CVE-2024-36953,
CVE-2024-36944, CVE-2024-36939)

Read More