Headline
Debian Security Advisory 5782-1
Debian Linux Security Advisory 5782-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5782-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
October 03, 2024 https://www.debian.org/security/faq
Package : linux
CVE ID : CVE-2023-31083 CVE-2024-27017 CVE-2024-35937 CVE-2024-35943
CVE-2024-35966 CVE-2024-40972 CVE-2024-41016 CVE-2024-41096
CVE-2024-41098 CVE-2024-42228 CVE-2024-42314 CVE-2024-43835
CVE-2024-43859 CVE-2024-43884 CVE-2024-43892 CVE-2024-44931
CVE-2024-44938 CVE-2024-44939 CVE-2024-44940 CVE-2024-44946
CVE-2024-44947 CVE-2024-44974 CVE-2024-44977 CVE-2024-44982
CVE-2024-44983 CVE-2024-44985 CVE-2024-44986 CVE-2024-44987
CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991
CVE-2024-44995 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000
CVE-2024-45002 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007
CVE-2024-45008 CVE-2024-45009 CVE-2024-45010 CVE-2024-45011
CVE-2024-45016 CVE-2024-45018 CVE-2024-45019 CVE-2024-45021
CVE-2024-45022 CVE-2024-45025 CVE-2024-45026 CVE-2024-45028
CVE-2024-45029 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675
CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685
CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702
CVE-2024-46707 CVE-2024-46711 CVE-2024-46713 CVE-2024-46714
CVE-2024-46715 CVE-2024-46716 CVE-2024-46717 CVE-2024-46719
CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723
CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46731
CVE-2024-46732 CVE-2024-46734 CVE-2024-46735 CVE-2024-46737
CVE-2024-46738 CVE-2024-46739 CVE-2024-46740 CVE-2024-46743
CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747
CVE-2024-46750 CVE-2024-46752 CVE-2024-46755 CVE-2024-46756
CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761
CVE-2024-46763 CVE-2024-46770 CVE-2024-46771 CVE-2024-46773
CVE-2024-46777 CVE-2024-46780 CVE-2024-46781 CVE-2024-46782
CVE-2024-46783 CVE-2024-46784 CVE-2024-46791 CVE-2024-46794
CVE-2024-46795 CVE-2024-46798 CVE-2024-46800 CVE-2024-46802
CVE-2024-46804 CVE-2024-46805 CVE-2024-46807 CVE-2024-46810
CVE-2024-46812 CVE-2024-46814 CVE-2024-46815 CVE-2024-46817
CVE-2024-46818 CVE-2024-46819 CVE-2024-46821 CVE-2024-46822
CVE-2024-46826 CVE-2024-46828 CVE-2024-46829 CVE-2024-46830
CVE-2024-46832 CVE-2024-46835 CVE-2024-46836 CVE-2024-46840
CVE-2024-46844 CVE-2024-46846 CVE-2024-46848 CVE-2024-46849
CVE-2024-46852 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855
CVE-2024-46857 CVE-2024-46858 CVE-2024-46859 CVE-2024-46865
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
For the stable distribution (bookworm), these problems have been fixed in
version 6.1.112-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmb+5rNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Qe8Q/+NKIdMggBJxg+LefsFD2RDncuEOQMKMIpBMFmm7VsrGln85jOptgfZNgY
6ytef8apSEw4MvwJ4TwlRDtNmAkwTauWd9cDx49BlDupZpdBGidWUW7RbombbihU
UXSpRMsm/lsXyPF2Llgmo18DeEOfyrGyQfXHWYxRjjNNPRZvxpgXZnntENijYy0y
e7ngYxVR6VwT2SDndICNLgJTZ+WGOHOD6DcrXvpwcHbcpCgFYrP1Iqe3gjbTX0VV
Vcv417x40HfBBPxLtAFYZNDo6/Zgfxugeo/LQVMmXXFjLCJFswxukQt9CWSSKNzV
0EsmgAn0C1xyq76sgCo49wKyfRlsoC4sH5sjRdod2bisY7PJK/DqKMK3nKg+zN0w
GMbgb6a8Th93QuOkBuAm5gEclsPB0m35ZxSKNKZD+CKMBVYLB1OexI9v1dkTzRM/
TP76yVltGmbECnI1ip+JSKYAgHwLgMfxEu2XNwFeVgIcES2CreD8LMXq3MstKyLB
pwN6VRJ4n9vpW/xUxJcdFOpgvsYLs7xOcoXk6TEInwx0NhQBNj7eC4J2dbtN+g0c
m349ryE+rZlPscH2vP0fzwXNfZemLb/KlZhhxraBW7dKOuHSJ+UHV3Hul9QTXzmD
HtZRwbU6DfqqzS/1JKxfLA1oVLI98JiDicOJyBwdtKjJu9M1CRY=
=J2U0
-----END PGP SIGNATURE-----
Related news
Ubuntu Security Notice 7021-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7022-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7039-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7021-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7020-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7029-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7029-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7021-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7020-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7021-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7020-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7019-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 7005-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7008-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7005-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7004-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6999-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Red Hat Security Advisory 2024-6567-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include double free, out of bounds access, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-5365-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free and null pointer vulnerabilities.
Red Hat Security Advisory 2024-5364-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free, memory leak, and null pointer vulnerabilities.
Ubuntu Security Notice 6957-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6956-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6927-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6923-2 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6923-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6918-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6918-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6918-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6918-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6893-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6516-1 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6465-3 - Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6462-2 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6465-2 - Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6466-1 - Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service.
Ubuntu Security Notice 6465-1 - Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel contained a null pointer dereference vulnerability in some situations. A local privileged attacker could use this to cause a denial of service.
Ubuntu Security Notice 6439-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6440-2 - Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information or in conjunction with another kernel vulnerability. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service.
Ubuntu Security Notice 6439-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in the Linux kernel contained a race condition, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.