Ubuntu Security Notice 7033-1 - It was discovered that some Intel Processors did not properly restrict access to the Running Average Power Limit interface. This may allow a local privileged attacker to obtain sensitive information. It was discovered that some Intel Processors did not properly implement finite state machines in hardware logic. This may allow a local privileged attacker to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-7033-1  
September 25, 2024

intel-microcode vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Intel Microcode.

Software Description:  
- intel-microcode: Processor microcode for Intel CPUs

Details:

It was discovered that some Intel(R) Processors did not properly restrict  
access to the Running Average Power Limit (RAPL) interface. This may allow  
a local privileged attacker to obtain sensitive information.  
(CVE-2024-23984)

It was discovered that some Intel(R) Processors did not properly implement  
finite state machines (FSMs) in hardware logic. This may allow a local  
privileged attacker to cause a denial of service (system crash).  
(CVE-2024-24968)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  intel-microcode                 3.20240910.0ubuntu0.24.04.1

Ubuntu 22.04 LTS  
  intel-microcode                 3.20240910.0ubuntu0.22.04.1

Ubuntu 20.04 LTS  
  intel-microcode                 3.20240910.0ubuntu0.20.04.1

Ubuntu 18.04 LTS  
  intel-microcode                 3.20240910.0ubuntu0.18.04.1+esm1  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  intel-microcode                 3.20240910.0ubuntu0.16.04.1+esm1  
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make  
all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7033-1  
  CVE-2024-23984, CVE-2024-24968

Package Information:  
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20240910.0ubuntu0.24.04.1  
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20240910.0ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/intel-microcode/3.20240910.0ubuntu0.20.04.1

Ubuntu Security Notice USN-7033-1

Red Hat Security Advisory 2024-7074-03 - Network Observability 1.6 for Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7074.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Network Observability 1.6.2 for OpenShift  
Advisory ID:        RHSA-2024:7074-03  
Product:            Network Observability  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7074  
Issue date:         2024-09-25  
Revision:           03  
CVE Names:          CVE-2024-24791  
====================================================================

Summary: 

Network Observability 1.6 for Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives  
a detailed severity rating, is available for each vulnerability from the CVE  
link(s) in the References section.

Description:

Network Observability 1.6.2

Security Fix(es):

* CVE-2024-24791 golang: net/http: Denial of service due to improper 100-continue handling in net/http

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-24791

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2295310  
https://issues.redhat.com/browse/NETOBSERV-1737

Red Hat Security Advisory 2024-7074-03

Red Hat Security Advisory 2024-6818-03 - Red Hat OpenShift Container Platform release 4.15.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6818.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.34 bug fix and security update  
Advisory ID:        RHSA-2024:6818-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6818  
Issue date:         2024-09-25  
Revision:           03  
CVE Names:          CVE-2024-7409  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.34 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.34. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:6821

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server  
During Socket Closure (CVE-2024-7409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-7409

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2302487  
https://issues.redhat.com/browse/OCPBUGS-35869  
https://issues.redhat.com/browse/OCPBUGS-35922  
https://issues.redhat.com/browse/OCPBUGS-37464  
https://issues.redhat.com/browse/OCPBUGS-37727  
https://issues.redhat.com/browse/OCPBUGS-38065  
https://issues.redhat.com/browse/OCPBUGS-38108  
https://issues.redhat.com/browse/OCPBUGS-38593  
https://issues.redhat.com/browse/OCPBUGS-41340  
https://issues.redhat.com/browse/OCPBUGS-41598  
https://issues.redhat.com/browse/OCPBUGS-41635  
https://issues.redhat.com/browse/OCPBUGS-41701  
https://issues.redhat.com/browse/OCPBUGS-41809  
https://issues.redhat.com/browse/OCPBUGS-41819  
https://issues.redhat.com/browse/OCPBUGS-41946  
https://issues.redhat.com/browse/OCPBUGS-41947  
https://issues.redhat.com/browse/OCPBUGS-41981

Red Hat Security Advisory 2024-6818-03

Red Hat Security Advisory 2024-6811-03 - Red Hat OpenShift Container Platform release 4.13.51 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6811.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.13.51 bug fix and security update  
Advisory ID:        RHSA-2024:6811-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6811  
Issue date:         2024-09-25  
Revision:           03  
CVE Names:          CVE-2023-45142  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.51 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of  Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.51. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:6813

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames  
causes DoS (CVE-2023-45288)  
* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)  
* opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound  
cardinality metrics (CVE-2023-47108)  
* go-retryablehttp: url might write sensitive information to log file  
(CVE-2024-6104)  
* QEMU: Denial of Service via Improper Synchronization in QEMU NBD Server  
During Socket Closure (CVE-2024-7409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45142

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2245180  
https://bugzilla.redhat.com/show_bug.cgi?id=2251198  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://bugzilla.redhat.com/show_bug.cgi?id=2302487  
https://issues.redhat.com/browse/OCPBUGS-37921  
https://issues.redhat.com/browse/OCPBUGS-38254  
https://issues.redhat.com/browse/OCPBUGS-38264  
https://issues.redhat.com/browse/OCPBUGS-41515  
https://issues.redhat.com/browse/OCPBUGS-41594  
https://issues.redhat.com/browse/OCPBUGS-41723  
https://issues.redhat.com/browse/OCPBUGS-41786

Red Hat Security Advisory 2024-6811-03

sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-vrcx-gx3g-j3h8: Heap-based Buffer Overflow in sqlite-vec

Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller.

Wednesday, September 25, 2024 12:00

Cisco Talos’ Vulnerability Research team recently disclosed two vulnerabilities in Microsoft products that have been patched by the company over the past two Patch Tuesdays. 

One is a vulnerability in the High-Definition Audio Bus Driver in Windows systems that could lead to a denial of service, while the other is a memory corruption issue that exists in a multicasting protocol in Windows 10. 

Additionally, Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller.  

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website. 

**Microsoft High-Definition Audio Bus Driver denial-of-service vulnerability **

_Discovered by Marcin “Icewall” Noga._ 

TALOS-2024-2008 (CVE-2024-45383) is a vulnerability in the Microsoft HD Audio Bus Driver that could allow an attacker to cause a denial of service. 

The driver allows the Windows operating system to communicate with external audio devices that play sound, including those that are integrated into machines’ motherboards or connected via HD audio interfaces.  

A mishandling of IRP requests in the driver’s interface could allow an attacker to send multiple IRP Complete requests to the driver, causing the DoS and forcing the operating system into the “Blue Screen of Death.” 

**Stale memory dereference in Microsoft Pragmatic General Multicast Server **

_Discovered by a Cisco Talos researcher._ 

A memory corruption vulnerability exists in the Pragmatic General Multicast server in the Microsoft Windows 10 Kernel.  

The Pragmatic General Multicast protocol is an IP-based multicasting protocol that is implemented by Microsoft as part of the Message Queueing service available in different versions of Windows. 

A specially crafted network packet can lead to the access of stale memory structure, resulting in memory corruption. An attacker can send a sequence of malicious packets to trigger TALOS-2024-2062 (CVE-2024-38140). 

Talos independently discovered this issue and reported it to Microsoft prior to their patch release earlier this year. However, Microsoft informed us that an internal researcher had already discovered this issue. 

**Three vulnerabilities in OpenPLC **

_Discovered by Jared Rittle_.

Talos recently discovered three vulnerabilities in OpenPLC, an open-source programmable logic controller designed to provide a low-cost option for automation in many manufacturing and logistics settings. 

Two of the issues — TALOS-2024-2004 (CVE-2024-36980, CVE-2024-36981) and TALOS-2024-2016 (CVE-2024-39589, CVE-2024-39590) — can lead to a denial-of-service on the targeted device. An adversary could exploit these vulnerabilities by sending a series of specially crafted Ethernet/IP requests. 

Another stack-based buffer overflow vulnerability, TALOS-2024-2005 (CVE-2024-34026), can also be exploited in this way. However, in this case, it could lead to remote code execution.

Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-6375-pg5j-8wph: Denial of service in rocket chat message parser

The security vulnerabilities could lead to everything from gas spills to operations data disclosure, affecting gas stations, airports, military bases, and other hypersensitive locations.

Source: Bax Walker via Alamy Stock Photo

Multiple critical security vulnerabilities in automatic tank gauge (ATG) systems, some unpatched, threaten critical infrastructure facilities with disruption and physical damage, researchers are warning.

ATGs are sensor systems that monitor and manage fuel storage tanks to ensure that fill levels aren't too low or too high, to see that leaks are detected in real-time, and to manage inventory. ATGs can be found where you'd expect them to be, like at gas stations and airports, but also in less obvious installations.

"In the US, for example, we were told that you are required by law to have an ATG system installed in any fuel tank of a certain size," Pedro Umbelino, principal research scientist at Bitsight's TRACE unit, explains to Dark Reading. "Gas stations are the largest and most obvious use case, but the second largest use case for ATGs are critical facilities that require large backup generators — you often see these in facilities like hospitals, military installations and airports."

Worryingly, most of the newly discovered vulnerabilities allow for an attacker to have full control of an ATG as an administrator. And according to Umbelino, the 11 bugs across six ATG systems from five different vendors can thus open the door to a gamut of nefarious activities, ranging from making fueling unavailable to wreaking environmental havoc.

Related:Kansas Water Plant Pivots to Analog After Cyber Event

"What's even more concerning is that, besides multiple warnings in the past, thousands of ATGs are still currently online and directly accessible over the Internet, making them prime targets for cyberattacks, especially in sabotage or cyberwarfare scenarios," Umbelino said in an analysis released on Sept. 24.

The bugs were discovered six months ago, with Bitsight, the US Cybersecurity and Infrastructure Security Agency (CISA), and the affected vendors working in tandem to mitigate the problems. As a result of those efforts, "Maglink and Franklin have released patches," Umbelino says. "The affected OPW product has been EOL'd \[end of life\] and is no longer being supported by the vendor, so they will not be releasing a patch. Proteus and Alisonic have not engaged with us or with CISA as part of the disclosure process, so it's unclear to us if they’ve released or are working on a mitigation plan."

Patching isn't where the remediation needs stop, though.

"Even for devices that have had patches issued, my top recommendation is to disconnect these devices from the public Internet," Umbelino says. "Most of them were never designed to be connected in the way they are today, so they weren't built with the level of security that is required for Internet-connected devices. They're being used in ways that vendors hadn't initially intended, and that's what is at the core of these vulnerabilities. Taking them off the public Internet is the only true solution."

Related:Concerns Over Supply Chain Attacks on US Seaports Grow

**Major Cyber-Risk From ATG Tampering**

ATGs not only automatically measure and record the level, volume, and temperature of products in storage tanks, but they're usually connected to sirens, emergency shutoff valves, ventilation systems, and peripherals like fuel dispensers.

"Part of what makes these devices attractive to security researchers, or a malicious actor for that matter, is the potential ability to control physical processes that could lead to disastrous consequences if they are abused in unintended ways," Umbelino noted.

As Umbelino explained, "We found vanilla reflected cross-site scripting (XSS). The authentication bypasses were direct path access. The command injections lacked filtering. There were hardcoded administrator credentials. The arbitrary file read was a direct path traversal access, yielding admin credentials. The SQL injection could be exploited aided by full SQL error logs."

The vulnerabilities are as follows:

Related:Name That Toon: Tug of War

Source: Bitsight TRACE.

As an example of those consequences, attackers could exploit the bugs to change the amount of liquid a tank is capable of taking on, while also tampering with overflow alarms. The result could be an undetected tank overflow, which could cause gas spills and environmental chaos.

And as Umbelino explained in the post, "The most damaging attack is making the devices run in a way that might cause physical damage to their components or components connected to it. In our research, we've shown that an attacker can gain access to a device and drive the relays at very fast speeds, causing permanent damage to them."

Other bad outcomes include making the systems inaccessible via denial of service (DoS), exposing competitive operations data (delivery dates, pricing, inventory intel, types of alarms, etc.), or the loss of compliance data leading to potential regulatory fines. In a DoS scenario for instance, an attack could "lead to downtime and would usually require human intervention," Umbelino explained in the posting. "In fact, these types of attacks are currently ongoing, with claims of exploitation of at least one brand of devices for which we published a vulnerability on just two weeks ago."

**Critical Infrastructure Under Increasing Cyber Threat**

The critical infrastructure threat landscape continues to be a thorny problem for security practitioners, starting with the fact that ICS systems and the operational technology (OT) that controls them are designed to prioritize reliability and efficiency, not security.

"As a result, they often lack modern protections," Umbelino noted. "In addition ... vendors recently started to integrate them with newer technology to improve efficiency and remote access and this significantly changes their threat model. Of course, there is also a lack of cybersecurity experts that are familiar with ICS systems. It is hard to find vulnerabilities if no one is looking for them."

Threat actors have taken notice: Chinese APTs like Volt Typhoon and others are looking to gain a foothold within physical infrastructure, for operational espionage as well as cultivating the potential for disruptive attacks. Ransomware gangs have their own reasons for targeting ICS, as seen in the infamous Colonial Pipeline cyberattack.

"While not related to the vulnerabilities we found, there is a group consistently claiming ICT/OT disruption in the Ukraine-Russia war, including ATG systems," Umbelino says. "In this tweet, we can see an OPW ATG system being targeted, but they claim to have affected many other ICT/OT devices too, indicating that attackers do see these elements within critical infrastructure as a target."

CISA itself has flagged increased threats to water supply organizations, power plants, manufacturing, telecom carriers, military footprints, and more — attacks that are largely being spearheaded by APTs backed by China, Russia, and Iran.

So far, defenders have headed off catastrophic attacks at the pass, and there's no reason to expect mass gas spills anytime soon, given the complexity and sophistication required to exploit the bugs, but it's important to stay ahead of the risk.

"It’s not just about fixing vulnerabilities, it’s about adopting security practices that make them difficult to exist in the first place," Umbelino explained in the analysis. "And it is not just about the vulnerabilities themselves, it's about their exposure. Organizations need to understand they should not expose these types of critical systems to the public Internet. They need to effectively assess their exposure, understand their current risk and start addressing such issues, regardless of vendors ability to update their systems in a timely fashion."

Security researchers also have an important role to play, he adds, noting that stakeholders should be expanding their ICS focus.

"We should start paying more close attention to these types of systems that control very important parts of our society and that, if abused, can have a physical effect on the world, sometimes catastrophic," Umbelino says. "We need to systematically discover, classify and mitigate the risk of them being openly exposed to the Internet faster than the attackers, and be able to communicate that risk to all affected parties. It is not an easy task."

**About the Author**

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Critical Automated Tank Gauge Bugs Threaten Critical Infrastructure

Gentoo Linux Security Advisory 202409-24 - Multiple vulnerabilities have been found in Tor, the worst of which could result in denial of service. Versions greater than or equal to 0.4.8.9 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Tor: Multiple Vulnerabilities  
     Date: September 24, 2024  
     Bugs: #916759, #917142  
       ID: 202409-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Tor, the worst of which  
could result in denial of service.

Background  
==========

Tor is an implementation of second generation Onion Routing, a  
connection-oriented anonymizing communication service.

Affected packages  
=================

Package      Vulnerable    Unaffected  
-----------  ------------  ------------  
net-vpn/tor  < 0.4.8.9     >= 0.4.8.9

Description  
===========

Multiple vulnerabilities have been discovered in Tor. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Tor users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-vpn/tor-0.4.8.9"

References  
==========

[ 1 ] TROVE-2023-004  
[ 2 ] TROVE-2023-006

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-24

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-24

Ubuntu Security Notice 7029-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-7029-1September 23, 2024linux-hwe-6.8==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-hwe-6.8: Linux hardware enablement (HWE) kernelDetails:Chenyuan Yang discovered that the CEC driver driver in the Linux kernelcontained a use-after-free vulnerability. A local attacker could use thisto cause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2024-23848)It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - MIPS architecture;  - PA-RISC architecture;  - PowerPC architecture;  - RISC-V architecture;  - User-Mode Linux (UML);  - x86 architecture;  - Block layer subsystem;  - ACPI drivers;  - Drivers core;  - Null block device driver;  - Character device driver;  - TPM device driver;  - Clock framework and drivers;  - CPU frequency scaling framework;  - Hardware crypto device drivers;  - CXL (Compute Express Link) drivers;  - Buffer Sharing and Synchronization framework;  - DMA engine subsystem;  - EFI core;  - FPGA Framework;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - HW tracing;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Input Device (Mouse) drivers;  - Mailbox framework;  - Media drivers;  - Microchip PCI driver;  - VMware VMCI Driver;  - MMC subsystem;  - Network drivers;  - PCI subsystem;  - x86 platform drivers;  - PTP clock framework;  - S/390 drivers;  - SCSI drivers;  - SoundWire subsystem;  - Sonic Silicon Backplane drivers;  - Greybus lights staging drivers;  - Thermal drivers;  - TTY drivers;  - USB subsystem;  - VFIO drivers;  - Framebuffer layer;  - Watchdog drivers;  - 9P distributed file system;  - BTRFS file system;  - File systems infrastructure;  - Ext4 file system;  - F2FS file system;  - JFS file system;  - Network file system server daemon;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - Tracing file system;  - IOMMU subsystem;  - Tracing infrastructure;  - io_uring subsystem;  - Core kernel;  - BPF subsystem;  - Kernel debugger infrastructure;  - DMA mapping infrastructure;  - IRQ subsystem;  - Memory management;  - 9P file system network protocol;  - Amateur Radio drivers;  - B.A.T.M.A.N. meshing protocol;  - Ethernet bridge;  - Networking core;  - Ethtool driver;  - IPv4 networking;  - IPv6 networking;  - MAC80211 subsystem;  - Multipath TCP;  - Netfilter;  - NET/ROM layer;  - NFC subsystem;  - Network traffic control;  - Sun RPC protocol;  - TIPC protocol;  - TLS protocol;  - Unix domain sockets;  - Wireless networking;  - XFRM subsystem;  - AppArmor security module;  - Integrity Measurement Architecture(IMA) framework;  - Landlock security;  - Linux Security Modules (LSM) Framework;  - SELinux security module;  - Simplified Mandatory Access Control Kernel framework;  - ALSA framework;  - HD-audio driver;  - SOF drivers;  - KVM core;(CVE-2024-39498, CVE-2024-33847, CVE-2024-39510, CVE-2024-39462,CVE-2024-40930, CVE-2024-38634, CVE-2024-40962, CVE-2024-37078,CVE-2024-39371, CVE-2024-40972, CVE-2024-41002, CVE-2024-40920,CVE-2024-40982, CVE-2024-40915, CVE-2024-40942, CVE-2024-42154,CVE-2024-40937, CVE-2024-40967, CVE-2024-40909, CVE-2024-36244,CVE-2024-33619, CVE-2024-39277, CVE-2024-40900, CVE-2024-38661,CVE-2024-40974, CVE-2024-38618, CVE-2024-32936, CVE-2024-40906,CVE-2024-40919, CVE-2024-39470, CVE-2024-38390, CVE-2024-40966,CVE-2024-39467, CVE-2024-40938, CVE-2024-39471, CVE-2024-39485,CVE-2024-39495, CVE-2024-39492, CVE-2024-39475, CVE-2024-40953,CVE-2024-40939, CVE-2024-39493, CVE-2024-38637, CVE-2024-40945,CVE-2024-41006, CVE-2024-39461, CVE-2024-40948, CVE-2024-40916,CVE-2024-40925, CVE-2024-40956, CVE-2024-40970, CVE-2024-40912,CVE-2024-33621, CVE-2024-40989, CVE-2024-36489, CVE-2024-37354,CVE-2024-34027, CVE-2024-39506, CVE-2024-39296, CVE-2024-40977,CVE-2024-38624, CVE-2024-40983, CVE-2024-40911, CVE-2024-36477,CVE-2024-38384, CVE-2024-39507, CVE-2024-38659, CVE-2024-40987,CVE-2024-40922, CVE-2024-36978, CVE-2024-38629, CVE-2024-38622,CVE-2024-40921, CVE-2024-40903, CVE-2024-38306, CVE-2024-40926,CVE-2024-39291, CVE-2024-36286, CVE-2024-40910, CVE-2024-40943,CVE-2024-40899, CVE-2024-37356, CVE-2024-40961, CVE-2024-39468,CVE-2024-40940, CVE-2024-40931, CVE-2024-38381, CVE-2024-40998,CVE-2024-34030, CVE-2024-41000, CVE-2024-40986, CVE-2024-38663,CVE-2024-40914, CVE-2024-31076, CVE-2024-42228, CVE-2024-40978,CVE-2024-40975, CVE-2024-39494, CVE-2024-40905, CVE-2024-40908,CVE-2024-38625, CVE-2024-38388, CVE-2024-40965, CVE-2024-41004,CVE-2023-52884, CVE-2024-39484, CVE-2024-40951, CVE-2024-40988,CVE-2024-40929, CVE-2024-39491, CVE-2024-40992, CVE-2024-41009,CVE-2024-40976, CVE-2024-40917, CVE-2024-39502, CVE-2024-40999,CVE-2024-39479, CVE-2024-39505, CVE-2024-40981, CVE-2024-38662,CVE-2024-38636, CVE-2024-39496, CVE-2024-39276, CVE-2024-41003,CVE-2024-37021, CVE-2024-36972, CVE-2024-38780, CVE-2024-40954,CVE-2024-40963, CVE-2024-36478, CVE-2024-39465, CVE-2024-39474,CVE-2024-39490, CVE-2024-36484, CVE-2024-36974, CVE-2024-38628,CVE-2024-36479, CVE-2024-42078, CVE-2024-40936, CVE-2024-38385,CVE-2024-40996, CVE-2024-40901, CVE-2024-40969, CVE-2024-39483,CVE-2024-40990, CVE-2024-40947, CVE-2024-40980, CVE-2024-39464,CVE-2024-40923, CVE-2024-40933, CVE-2024-39481, CVE-2024-40927,CVE-2024-38667, CVE-2024-42159, CVE-2024-38635, CVE-2024-38627,CVE-2024-38630, CVE-2024-39504, CVE-2024-34777, CVE-2024-40944,CVE-2024-37026, CVE-2024-38633, CVE-2024-40941, CVE-2024-39499,CVE-2024-36270, CVE-2024-35247, CVE-2024-40924, CVE-2024-40984,CVE-2024-40968, CVE-2024-39489, CVE-2024-39298, CVE-2024-40949,CVE-2024-39508, CVE-2024-41001, CVE-2024-40934, CVE-2024-40957,CVE-2024-39292, CVE-2024-40979, CVE-2024-39488, CVE-2024-40995,CVE-2024-39500, CVE-2024-40918, CVE-2024-36015, CVE-2024-39503,CVE-2024-39301, CVE-2024-39466, CVE-2024-42224, CVE-2024-39478,CVE-2024-40902, CVE-2024-39509, CVE-2024-39463, CVE-2024-40971,CVE-2024-40928, CVE-2024-38664, CVE-2024-39473, CVE-2024-39501,CVE-2024-36288, CVE-2024-42148, CVE-2024-38621, CVE-2024-38632,CVE-2024-41005, CVE-2024-38619, CVE-2024-36973, CVE-2024-40994,CVE-2024-42160, CVE-2024-40960, CVE-2024-40958, CVE-2024-39469,CVE-2022-48772, CVE-2024-40964, CVE-2024-40913, CVE-2024-36481,CVE-2024-40932, CVE-2024-36971, CVE-2024-40935, CVE-2024-38623,CVE-2024-40997, CVE-2024-40952, CVE-2024-40955, CVE-2024-36281,CVE-2024-39480, CVE-2024-40904, CVE-2024-40985, CVE-2024-39497,CVE-2024-40973, CVE-2024-40959)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-6.8.0-45-generic    6.8.0-45.45~22.04.1  linux-image-6.8.0-45-generic-64k  6.8.0-45.45~22.04.1  linux-image-generic-64k-hwe-22.04  6.8.0-45.45~22.04.1  linux-image-generic-hwe-22.04   6.8.0-45.45~22.04.1  linux-image-oem-22.04           6.8.0-45.45~22.04.1  linux-image-oem-22.04a          6.8.0-45.45~22.04.1  linux-image-oem-22.04b          6.8.0-45.45~22.04.1  linux-image-oem-22.04c          6.8.0-45.45~22.04.1  linux-image-oem-22.04d          6.8.0-45.45~22.04.1  linux-image-virtual-hwe-22.04   6.8.0-45.45~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7029-1  CVE-2022-48772, CVE-2023-52884, CVE-2024-23848, CVE-2024-31076,  CVE-2024-32936, CVE-2024-33619, CVE-2024-33621, CVE-2024-33847,  CVE-2024-34027, CVE-2024-34030, CVE-2024-34777, CVE-2024-35247,  CVE-2024-36015, CVE-2024-36244, CVE-2024-36270, CVE-2024-36281,  CVE-2024-36286, CVE-2024-36288, CVE-2024-36477, CVE-2024-36478,  CVE-2024-36479, CVE-2024-36481, CVE-2024-36484, CVE-2024-36489,  CVE-2024-36971, CVE-2024-36972, CVE-2024-36973, CVE-2024-36974,  CVE-2024-36978, CVE-2024-37021, CVE-2024-37026, CVE-2024-37078,  CVE-2024-37354, CVE-2024-37356, CVE-2024-38306, CVE-2024-38381,  CVE-2024-38384, CVE-2024-38385, CVE-2024-38388, CVE-2024-38390,  CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38622,  CVE-2024-38623, CVE-2024-38624, CVE-2024-38625, CVE-2024-38627,  CVE-2024-38628, CVE-2024-38629, CVE-2024-38630, CVE-2024-38632,  CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38636,  CVE-2024-38637, CVE-2024-38659, CVE-2024-38661, CVE-2024-38662,  CVE-2024-38663, CVE-2024-38664, CVE-2024-38667, CVE-2024-38780,  CVE-2024-39276, CVE-2024-39277, CVE-2024-39291, CVE-2024-39292,  CVE-2024-39296, CVE-2024-39298, CVE-2024-39301, CVE-2024-39371,  CVE-2024-39461, CVE-2024-39462, CVE-2024-39463, CVE-2024-39464,  CVE-2024-39465, CVE-2024-39466, CVE-2024-39467, CVE-2024-39468,  CVE-2024-39469, CVE-2024-39470, CVE-2024-39471, CVE-2024-39473,  CVE-2024-39474, CVE-2024-39475, CVE-2024-39478, CVE-2024-39479,  CVE-2024-39480, CVE-2024-39481, CVE-2024-39483, CVE-2024-39484,  CVE-2024-39485, CVE-2024-39488, CVE-2024-39489, CVE-2024-39490,  CVE-2024-39491, CVE-2024-39492, CVE-2024-39493, CVE-2024-39494,  CVE-2024-39495, CVE-2024-39496, CVE-2024-39497, CVE-2024-39498,  CVE-2024-39499, CVE-2024-39500, CVE-2024-39501, CVE-2024-39502,  CVE-2024-39503, CVE-2024-39504, CVE-2024-39505, CVE-2024-39506,  CVE-2024-39507, CVE-2024-39508, CVE-2024-39509, CVE-2024-39510,  CVE-2024-40899, CVE-2024-40900, CVE-2024-40901, CVE-2024-40902,  CVE-2024-40903, CVE-2024-40904, CVE-2024-40905, CVE-2024-40906,  CVE-2024-40908, CVE-2024-40909, CVE-2024-40910, CVE-2024-40911,  CVE-2024-40912, CVE-2024-40913, CVE-2024-40914, CVE-2024-40915,  CVE-2024-40916, CVE-2024-40917, CVE-2024-40918, CVE-2024-40919,  CVE-2024-40920, CVE-2024-40921, CVE-2024-40922, CVE-2024-40923,  CVE-2024-40924, CVE-2024-40925, CVE-2024-40926, CVE-2024-40927,  CVE-2024-40928, CVE-2024-40929, CVE-2024-40930, CVE-2024-40931,  CVE-2024-40932, CVE-2024-40933, CVE-2024-40934, CVE-2024-40935,  CVE-2024-40936, CVE-2024-40937, CVE-2024-40938, CVE-2024-40939,  CVE-2024-40940, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,  CVE-2024-40944, CVE-2024-40945, CVE-2024-40947, CVE-2024-40948,  CVE-2024-40949, CVE-2024-40951, CVE-2024-40952, CVE-2024-40953,  CVE-2024-40954, CVE-2024-40955, CVE-2024-40956, CVE-2024-40957,  CVE-2024-40958, CVE-2024-40959, CVE-2024-40960, CVE-2024-40961,  CVE-2024-40962, CVE-2024-40963, CVE-2024-40964, CVE-2024-40965,  CVE-2024-40966, CVE-2024-40967, CVE-2024-40968, CVE-2024-40969,  CVE-2024-40970, CVE-2024-40971, CVE-2024-40972, CVE-2024-40973,  CVE-2024-40974, CVE-2024-40975, CVE-2024-40976, CVE-2024-40977,  CVE-2024-40978, CVE-2024-40979, CVE-2024-40980, CVE-2024-40981,  CVE-2024-40982, CVE-2024-40983, CVE-2024-40984, CVE-2024-40985,  CVE-2024-40986, CVE-2024-40987, CVE-2024-40988, CVE-2024-40989,  CVE-2024-40990, CVE-2024-40992, CVE-2024-40994, CVE-2024-40995,  CVE-2024-40996, CVE-2024-40997, CVE-2024-40998, CVE-2024-40999,  CVE-2024-41000, CVE-2024-41001, CVE-2024-41002, CVE-2024-41003,  CVE-2024-41004, CVE-2024-41005, CVE-2024-41006, CVE-2024-41009,  CVE-2024-42078, CVE-2024-42148, CVE-2024-42154, CVE-2024-42159,  CVE-2024-42160, CVE-2024-42224, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-45.45~22.04.1

Tag

#dos