Headline
Debian Security Advisory 5747-1
Debian Linux Security Advisory 5747-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5747-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
August 12, 2024 https://www.debian.org/security/faq
Package : linux
CVE ID : CVE-2022-48666 CVE-2024-36484 CVE-2024-36901 CVE-2024-36938
CVE-2024-39487 CVE-2024-40947 CVE-2024-41007 CVE-2024-41009
CVE-2024-41012 CVE-2024-41015 CVE-2024-41017 CVE-2024-41020
CVE-2024-41022 CVE-2024-41034 CVE-2024-41035 CVE-2024-41040
CVE-2024-41041 CVE-2024-41044 CVE-2024-41046 CVE-2024-41049
CVE-2024-41055 CVE-2024-41059 CVE-2024-41063 CVE-2024-41064
CVE-2024-41065 CVE-2024-41068 CVE-2024-41070 CVE-2024-41072
CVE-2024-41077 CVE-2024-41078 CVE-2024-41081 CVE-2024-41090
CVE-2024-41091 CVE-2024-42101 CVE-2024-42102 CVE-2024-42104
CVE-2024-42105 CVE-2024-42106 CVE-2024-42115 CVE-2024-42119
CVE-2024-42120 CVE-2024-42121 CVE-2024-42124 CVE-2024-42127
CVE-2024-42131 CVE-2024-42137 CVE-2024-42143 CVE-2024-42145
CVE-2024-42148 CVE-2024-42152 CVE-2024-42153 CVE-2024-42154
CVE-2024-42157 CVE-2024-42161 CVE-2024-42223 CVE-2024-42224
CVE-2024-42229 CVE-2024-42232 CVE-2024-42236 CVE-2024-42244
CVE-2024-42247
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
For the oldstable distribution (bullseye), these problems have been
fixed in version 5.10.223-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAma6T9JfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QQdw/+OGGxmpgZNx20CbIlzd6l7HTabFLT1VJZY/mVVmWOIGkCjOoTuvL4VOFq
vAs6vPMk7P1x+XMJ8kqzdn9+OO+cKYb6fFC6cFNMigIvTP/5w9V8Llsyn4liI8XB
u1TmLiLA9tvJ5rfSzWsFWOgpL+swzYJznlL7jcaFIcLemZCQuCwmrB8ZF04F5LOa
i0PIQwu8Cic1BmCSe6TZy8as6D7hCLPBQvqY+xW5u4/07ncVQ0tOrZn8uxndVM+h
TSI35otncMsgDNXw1TQYgLyDwIUm79MbIm+P0THXr/HGXO14ehOHxvJ8MG8iXt/Q
+YM1NlS5tqGPXPI+0dlGdwSx/a4XuPFOUQyxlj2B3xvhUD+rbTCtzamcjY0Qw4l3
MhtkTjUZdOj9XdLyziAQs+bD0sKzuEu+Nkq2N6kl0Op2tRhge3aI9mwJK8v5CldY
NiQS665HLwrjW+E4YT3hDl4ugnu66wBNDQMsR5x+gyQI9kK6vsm8xR123ugfPodL
R4FXaf+DUQ0oVfOWJBcg6S3dmoaAwxUaJOCgHfTaqvatL8YOLvejeW1Vg+xCGGNg
yKjdKA6bVzZjyTrqCEoSGkhx6MEiojHlwi8W+kLYNPssTkXgZ3p6dG6PPMMAxdwq
ROJ+FccgiUApJNFmfbvU6x/pwaUzpbXP09a3bIFnNRSo40BxVio=
=HNP3
-----END PGP SIGNATURE-----
Related news
Ubuntu Security Notice 7009-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 7005-2 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7008-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7007-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 7003-3 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7006-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7005-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7004-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 7003-2 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 7003-1 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6999-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.
Red Hat Security Advisory 2024-6567-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include double free, out of bounds access, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-6560-03 - An update for kpatch-patch-4_18_0-477_43_1 and kpatch-patch-4_18_0-477_67_1 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-6313-03 - An update for kpatch-patch-5_14_0-284_52_1 and kpatch-patch-5_14_0-284_79_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-6268-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-6267-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-6160-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-6156-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 6972-4 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
Ubuntu Security Notice 6973-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Red Hat Security Advisory 2024-5858-03 - An update for kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include code execution, denial of service, and use-after-free vulnerabilities.
Ubuntu Security Notice 6974-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6973-2 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6972-3 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
Ubuntu Security Notice 6972-2 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
Ubuntu Security Notice 6976-1 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
Ubuntu Security Notice 6974-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6973-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6972-1 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
Ubuntu Security Notice 6950-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Red Hat Security Advisory 2024-5582-03 - An update for kpatch-patch-4_18_0-372_87_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 6949-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6952-2 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6950-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6957-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6956-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6955-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Red Hat Security Advisory 2024-5256-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include code execution, denial of service, and use-after-free vulnerabilities.
Ubuntu Security Notice 6952-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6952-1 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6950-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6949-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6949-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Debian Linux Security Advisory 5731-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian Linux Security Advisory 5731-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.