Category Archives: Advisories

Advisories

USN-6926-3: Linux kernel (Azure) vulnerabilities

Read Time:1 Minute, 43 Second

黄思聪 discovered that the NFC Controller Interface (NCI) implementation in
the Linux kernel did not properly handle certain memory allocation failure
conditions, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2023-46343)

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device
volume management subsystem did not properly validate logical eraseblock
sizes in certain situations. An attacker could possibly use this to cause a
denial of service (system crash). (CVE-2024-25739)

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in the
Linux kernel for x86 platforms did not properly handle 32-bit emulation on
TDX and SEV. An attacker with access to the VMM could use this to cause a
denial of service (guest crash) or possibly execute arbitrary code.
(CVE-2024-25744)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– HID subsystem;
– I2C subsystem;
– MTD block device drivers;
– Network drivers;
– TTY drivers;
– USB subsystem;
– File systems infrastructure;
– F2FS file system;
– SMB network file system;
– BPF subsystem;
– B.A.T.M.A.N. meshing protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– Unix domain sockets;
– AppArmor security module;
(CVE-2023-52435, CVE-2024-27013, CVE-2024-35984, CVE-2023-52620,
CVE-2024-35997, CVE-2023-52436, CVE-2024-26884, CVE-2024-26901,
CVE-2023-52469, CVE-2024-35978, CVE-2024-26886, CVE-2024-35982,
CVE-2024-36902, CVE-2024-26857, CVE-2024-26923, CVE-2023-52443,
CVE-2024-27020, CVE-2024-36016, CVE-2024-26840, CVE-2024-26934,
CVE-2023-52449, CVE-2024-26882, CVE-2023-52444, CVE-2023-52752)

Read More

Advisories

yyjson-0.10.0-2.el10_0

Read Time:52 Second

FEDORA-EPEL-2024-19e0ba9d5a

Packages in this update:

yyjson-0.10.0-2.el10_0

Update description:

Automatic update for yyjson-0.10.0-2.el10_0.

Changelog

* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> – 0.10.0-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jul 15 2024 Packit <hello@packit.dev> – 0.10.0-1
– Update to 0.10.0 upstream release
– Resolves: rhbz#2297812
* Tue Apr 9 2024 topazus <topazus@outlook.com> – 0.9.0-1
– Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791
* Tue Jan 30 2024 topazus <topazus@outlook.com> – 0.8.0-3
– Fix error of -Wno-implicit-int and -Wno-implicit-function-declaration
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> – 0.8.0-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Dec 12 2023 topazus <topazus@outlook.com> – 0.8.0-1
– initial import; rhbz#2254133

Read More

Advisories

USN-6953-1: Linux kernel (Oracle) vulnerabilities

Read Time:2 Minute, 16 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– M68K architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Accessibility subsystem;
– Character device driver;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Hardware crypto device drivers;
– Buffer Sharing and Synchronization framework;
– FireWire subsystem;
– ARM SCMI message protocol;
– GPU drivers;
– HW tracing;
– InfiniBand drivers;
– Macintosh device drivers;
– Multiple devices driver;
– Media drivers;
– Network drivers;
– Pin controllers subsystem;
– S/390 drivers;
– SCSI drivers;
– SoundWire subsystem;
– Greybus lights staging drivers;
– TTY drivers;
– Framebuffer layer;
– Virtio drivers;
– 9P distributed file system;
– eCrypt file system;
– EROFS file system;
– Ext4 file system;
– F2FS file system;
– JFFS2 file system;
– Network file system client;
– NILFS2 file system;
– SMB network file system;
– Mellanox drivers;
– Kernel debugger infrastructure;
– IRQ subsystem;
– Tracing infrastructure;
– Dynamic debug library;
– 9P file system network protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– NET/ROM layer;
– NFC subsystem;
– NSH protocol;
– Open vSwitch;
– Phonet protocol;
– TIPC protocol;
– TLS protocol;
– Unix domain sockets;
– Wireless networking;
– eXpress Data Path;
– XFRM subsystem;
– ALSA framework;
(CVE-2024-26584, CVE-2023-52434, CVE-2024-36933, CVE-2024-36286,
CVE-2024-36886, CVE-2024-38579, CVE-2022-48772, CVE-2024-39493,
CVE-2024-38637, CVE-2024-36016, CVE-2023-52752, CVE-2024-38558,
CVE-2024-39488, CVE-2024-38559, CVE-2024-36919, CVE-2024-36905,
CVE-2024-39489, CVE-2024-39475, CVE-2021-47131, CVE-2024-26585,
CVE-2024-38578, CVE-2024-38567, CVE-2024-38596, CVE-2024-38598,
CVE-2024-36940, CVE-2024-38552, CVE-2024-37356, CVE-2024-38780,
CVE-2024-38589, CVE-2024-36959, CVE-2024-27399, CVE-2024-36017,
CVE-2024-38661, CVE-2024-36939, CVE-2024-36904, CVE-2024-36902,
CVE-2024-38381, CVE-2024-36883, CVE-2024-37353, CVE-2024-38560,
CVE-2024-39292, CVE-2024-36934, CVE-2024-38621, CVE-2024-38599,
CVE-2024-36941, CVE-2022-48655, CVE-2024-26886, CVE-2024-36014,
CVE-2024-38613, CVE-2024-27398, CVE-2024-27019, CVE-2024-36954,
CVE-2024-39471, CVE-2024-26583, CVE-2024-35947, CVE-2024-31076,
CVE-2024-38659, CVE-2024-38549, CVE-2024-38618, CVE-2024-38565,
CVE-2024-27401, CVE-2022-48674, CVE-2024-38582, CVE-2024-38634,
CVE-2024-38627, CVE-2024-39480, CVE-2024-36015, CVE-2023-52585,
CVE-2024-36270, CVE-2024-26907, CVE-2024-38615, CVE-2024-38600,
CVE-2024-38612, CVE-2024-36946, CVE-2024-39301, CVE-2024-38601,
CVE-2024-38635, CVE-2024-33621, CVE-2024-36964, CVE-2024-38633,
CVE-2024-39467, CVE-2024-38607, CVE-2024-36971, CVE-2024-35976,
CVE-2024-38587, CVE-2023-52882, CVE-2024-36950, CVE-2024-39276,
CVE-2024-36960, CVE-2024-38583)

Read More

Advisories

USN-6952-1: Linux kernel vulnerabilities

Read Time:5 Minute, 15 Second

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde
discovered that an untrusted hypervisor could inject malicious #VC
interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw
is known as WeSee. A local attacker in control of the hypervisor could use
this to expose sensitive information or possibly execute arbitrary code in
the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM32 architecture;
– ARM64 architecture;
– M68K architecture;
– OpenRISC architecture;
– PowerPC architecture;
– RISC-V architecture;
– x86 architecture;
– Block layer subsystem;
– Accessibility subsystem;
– Bluetooth drivers;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Hardware crypto device drivers;
– DMA engine subsystem;
– DPLL subsystem;
– FireWire subsystem;
– EFI core;
– Qualcomm firmware drivers;
– GPIO subsystem;
– GPU drivers;
– HID subsystem;
– Microsoft Hyper-V drivers;
– I2C subsystem;
– InfiniBand drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– Macintosh device drivers;
– Multiple devices driver;
– Media drivers;
– EEPROM drivers;
– MMC subsystem;
– Network drivers;
– STMicroelectronics network drivers;
– Device tree and open firmware driver;
– HiSilicon SoC PMU drivers;
– PHY drivers;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– SPI subsystem;
– Media staging drivers;
– Thermal drivers;
– TTY drivers;
– Userspace I/O drivers;
– USB subsystem;
– DesignWare USB3 driver;
– ACRN Hypervisor Service Module driver;
– Virtio drivers;
– 9P distributed file system;
– BTRFS file system;
– eCrypt file system;
– EROFS file system;
– File systems infrastructure;
– GFS2 file system;
– JFFS2 file system;
– Network file systems library;
– Network file system client;
– Network file system server daemon;
– NILFS2 file system;
– Proc file system;
– SMB network file system;
– Tracing file system;
– Mellanox drivers;
– Memory management;
– Socket messages infrastructure;
– Slab allocator;
– Tracing infrastructure;
– User-space API (UAPI);
– Core kernel;
– BPF subsystem;
– DMA mapping infrastructure;
– RCU subsystem;
– Dynamic debug library;
– KUnit library;
– Maple Tree data structure library;
– Heterogeneous memory management;
– Amateur Radio drivers;
– Bluetooth subsystem;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Multipath TCP;
– Netfilter;
– NET/ROM layer;
– NFC subsystem;
– NSH protocol;
– Open vSwitch;
– Phonet protocol;
– SMC sockets;
– TIPC protocol;
– Unix domain sockets;
– Wireless networking;
– Key management;
– ALSA framework;
– HD-audio driver;
– Kirkwood ASoC drivers;
– MediaTek ASoC drivers;
(CVE-2024-38601, CVE-2024-36935, CVE-2024-35991, CVE-2024-36032,
CVE-2024-35988, CVE-2024-36886, CVE-2024-36913, CVE-2024-36928,
CVE-2024-38553, CVE-2024-36927, CVE-2024-38615, CVE-2024-36958,
CVE-2024-36977, CVE-2024-36889, CVE-2024-38554, CVE-2024-38590,
CVE-2024-42134, CVE-2024-35857, CVE-2024-35850, CVE-2024-35986,
CVE-2024-36921, CVE-2024-38569, CVE-2024-36966, CVE-2024-38542,
CVE-2024-38585, CVE-2024-36884, CVE-2024-36006, CVE-2024-38577,
CVE-2024-36016, CVE-2024-38584, CVE-2024-36887, CVE-2024-38598,
CVE-2024-35994, CVE-2024-38603, CVE-2024-35998, CVE-2024-27401,
CVE-2024-35852, CVE-2024-36944, CVE-2024-38572, CVE-2024-36917,
CVE-2024-36943, CVE-2024-36009, CVE-2024-38587, CVE-2024-35949,
CVE-2024-36945, CVE-2024-36004, CVE-2024-36919, CVE-2024-27398,
CVE-2024-38582, CVE-2024-35847, CVE-2024-38580, CVE-2024-38602,
CVE-2024-36916, CVE-2024-36903, CVE-2024-38555, CVE-2024-36952,
CVE-2024-38589, CVE-2024-27394, CVE-2024-36933, CVE-2024-36975,
CVE-2024-38591, CVE-2024-38612, CVE-2024-36939, CVE-2024-35983,
CVE-2024-38607, CVE-2024-36929, CVE-2024-35849, CVE-2024-36941,
CVE-2024-35858, CVE-2024-38599, CVE-2024-35996, CVE-2024-36031,
CVE-2024-36931, CVE-2024-35990, CVE-2024-35851, CVE-2024-38556,
CVE-2024-36000, CVE-2024-36910, CVE-2024-38573, CVE-2024-36906,
CVE-2024-36951, CVE-2024-38604, CVE-2024-38613, CVE-2024-38547,
CVE-2024-36014, CVE-2024-36949, CVE-2024-36033, CVE-2024-38597,
CVE-2024-36880, CVE-2024-38594, CVE-2024-36894, CVE-2024-38546,
CVE-2024-36947, CVE-2024-38541, CVE-2024-35989, CVE-2024-27399,
CVE-2024-38550, CVE-2024-36922, CVE-2024-36008, CVE-2024-38540,
CVE-2024-36924, CVE-2024-36892, CVE-2024-38549, CVE-2024-36882,
CVE-2024-36908, CVE-2024-38566, CVE-2024-36005, CVE-2024-38583,
CVE-2024-36968, CVE-2024-36017, CVE-2024-38565, CVE-2024-36881,
CVE-2024-38611, CVE-2024-36897, CVE-2024-38560, CVE-2024-36923,
CVE-2024-38575, CVE-2024-36899, CVE-2024-38570, CVE-2024-36898,
CVE-2024-36896, CVE-2024-38559, CVE-2024-38588, CVE-2024-38606,
CVE-2024-38551, CVE-2024-36891, CVE-2024-38567, CVE-2024-36895,
CVE-2024-35993, CVE-2024-38552, CVE-2024-36925, CVE-2024-36964,
CVE-2024-36888, CVE-2024-36956, CVE-2024-36946, CVE-2024-38600,
CVE-2024-35997, CVE-2024-36912, CVE-2024-35984, CVE-2024-35848,
CVE-2024-38545, CVE-2024-38563, CVE-2024-36918, CVE-2024-36001,
CVE-2024-36957, CVE-2024-38576, CVE-2024-36030, CVE-2024-38574,
CVE-2024-36963, CVE-2024-36890, CVE-2024-36960, CVE-2024-36901,
CVE-2024-38614, CVE-2024-35859, CVE-2024-38593, CVE-2024-36904,
CVE-2024-36012, CVE-2024-38578, CVE-2024-36011, CVE-2024-36930,
CVE-2024-36938, CVE-2024-36893, CVE-2024-35987, CVE-2024-36905,
CVE-2024-35853, CVE-2024-36003, CVE-2024-38562, CVE-2024-38617,
CVE-2024-35855, CVE-2024-36965, CVE-2024-38596, CVE-2024-38558,
CVE-2024-38568, CVE-2024-36955, CVE-2024-36029, CVE-2024-36967,
CVE-2024-36940, CVE-2024-38595, CVE-2024-36028, CVE-2024-38610,
CVE-2024-36911, CVE-2024-35999, CVE-2024-35854, CVE-2024-38571,
CVE-2024-38548, CVE-2024-36948, CVE-2024-36002, CVE-2024-36961,
CVE-2024-36900, CVE-2024-36932, CVE-2024-36902, CVE-2024-35992,
CVE-2024-36914, CVE-2024-38592, CVE-2024-38616, CVE-2024-27400,
CVE-2024-36937, CVE-2024-36920, CVE-2024-38586, CVE-2024-36909,
CVE-2024-35846, CVE-2024-39482, CVE-2024-38579, CVE-2024-38539,
CVE-2024-27395, CVE-2024-36962, CVE-2024-36013, CVE-2024-27396,
CVE-2024-38557, CVE-2024-36953, CVE-2024-41011, CVE-2023-52882,
CVE-2024-36969, CVE-2024-36007, CVE-2024-35856, CVE-2024-38605,
CVE-2024-36915, CVE-2024-36979, CVE-2024-36954, CVE-2024-38538,
CVE-2024-36950, CVE-2024-36926, CVE-2024-38544, CVE-2024-36959,
CVE-2024-38561, CVE-2024-36883, CVE-2024-36936, CVE-2024-38564,
CVE-2024-38543, CVE-2024-36934, CVE-2024-35947, CVE-2024-38620)

Read More