Red Hat Security Advisory 2024-7260-03 - An update for net-snmp is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and null pointer vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7260.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: net-snmp security update  
Advisory ID:        RHSA-2024:7260-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7260  
Issue date:         2024-09-26  
Revision:           03  
CVE Names:          CVE-2022-24805  
====================================================================

Summary: 

An update for net-snmp is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Security Fix(es):

* net-snmp: A buffer overflow in the handling of the INDEX of             NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805)

* : net-snmp: Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously (CVE-2022-24806)

* net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access (CVE-2022-24807)

* net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809)

* net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference (CVE-2022-24808)

* net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-24805

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2103225  
https://bugzilla.redhat.com/show_bug.cgi?id=2104759  
https://bugzilla.redhat.com/show_bug.cgi?id=2104763  
https://bugzilla.redhat.com/show_bug.cgi?id=2104766  
https://bugzilla.redhat.com/show_bug.cgi?id=2104768  
https://bugzilla.redhat.com/show_bug.cgi?id=2104769

Red Hat Security Advisory 2024-7260-03

As Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack.

Mark Troester, Vice President of Strategy, Progress

September 27, 2024

4 Min Read

Source: Borka Kiss via Alamy Stock Photo

COMMENTARY

The convergence of rising cyber threats, advanced artificial intelligence (AI), remote work, and hybrid infrastructures presents significant cybersecurity challenges in today's IT landscape. As a result, it's necessary to make your endpoints, cloud infrastructure, and remote access channels more secure. As cyber adversaries adopt new tactics, organizations worldwide respond by expanding the use of continuous threat exposure management (CTEM) systems, investing in robust security solutions, and leveraging cross-functional collaboration to mitigate risks and safeguard digital assets effectively.

But like Superman has kryptonite, even the best software has weaknesses, with misconfigurations leading the pack.

Consider this: Microsoft research indicates that a staggering 80% of ransomware attacks can be attributed to common configuration errors in software and devices. 

Misconfigurations now hold an unenviable fifth place on the Open Worldwide Application Security Project Top 10 — a crucial vulnerability reference for the cybersecurity community. OWASP found 208,000 occurrences of common weakness enumeration (CWE) within 90% of applications tested for misconfiguration, highlighting the widespread nature of this vulnerability.

OWASP says, "Without a concerted, repeatable application security configuration process, systems are at a higher risk."

With this evidence, it's no wonder that organizations are paying more attention to "misconfigurations."

**Picture This ... **

You're sitting down with your morning cuppa and stories of a data leak hit the headlines. The company affected is a leading insurance firm, and the personal information of thousands of customers has been made available on the Internet for months. With a little research, you learn that the firm left several customer records unprotected on one of its clouds, making it easy for anyone to access this information through a simple SQL command. While digging through the tabloids you stumble upon the cause of such a tremendously ironic turn of events. Turns out, it was a simple misconfiguration error: The system administrator left the cloud open to the public since they missed updating the privacy settings and permissions for the cloud storage in question.

We learn that human errors, despite stringent protocols, are difficult to control and, consequentially, remove. The increasing complexity of distributed and component-based systems and common misunderstandings of system requirements and design will likely lead to more problems. While humans play a critical role in decision-making and monitoring systems, manual updates are no longer viable.

**So, What Can You Do About It?**

With all that's happening in cybersecurity, can you confidently say you have all your endpoints covered? And by all, I mean all — including the data on third-party systems. If your answer to this is yes, congratulations! You're doing better than most organizations in the world! But if your answer is no, I would like you to consider the following measures to improve the security of your systems: 

1.  Employ automation that extends DevOps from application delivery to IT operations to DevSecOps. Automation is the remedy that will help organizations avoid manual errors. It will allow employees to use their precious time for more important tasks while confirming that initial and ongoing configurations are error-free. By automating audits on configurations, you can create a repeatable system hardening process that will potentially save you a lot of time and money in the future. Automation will enable you to reduce human error, improve reliability, maintain consistency, and support collaboration across teams. It will also give all stakeholders visibility over the security posture of your IT estate.
    
2.  Use a policy-as-code approach to help frame your security and compliance policies or rules. Organizations can configure systems by encoding security rules in human-readable and machine-enforceable policies and continuously checking for and remediating drift. In fact, policy-as-code brings both configuration and compliance management into a single step. This removes the security silo and brings all stakeholders into a shared pipeline and framework, enabling collaboration among team members and allowing for security to be shifted left in the development process. The policy-as-code approach can help detect misconfigurations, increase efficiency and speed, and reduce the risk of production errors.
    

While there is a technical aspect to DevSecOps, there is also a human aspect that involves collaboration and planning. A multiprong approach that starts with collaboration across IT operations and security and compliance teams, while discussing the appropriate external and internal compliance requirements, is a critical starting point.

After understanding the configuration and policies, you can start with pre-packaged policies that align with standards such as the Center for Internet Security (CIS) Benchmarks and the Department of Defense Systems Agency-Security Technical Implementation Guides (DISA-STIG). Consider using an automated system to verify if your configurations are continuously accurate. This, in turn, will allow your organization to address complex and heterogeneous environments, including cloud-native public cloud services, Kubernetes configurations, and any on-premises or hybrid cloud workload.

**About the Author**

Vice President of Strategy, Progress

Mark Troester is the vice president of strategy at Progress. He helped guide the strategic go-to-market efforts for Progress before transitioning into a leadership role for the Progress Infrastructure Management division, which includes DevOps/DevSecOps, network management, network detection and response, and application delivery control offerings. Previously, he worked with both upstarts and stalwarts like Sonatype, SAS, and Progress DataDirect. Before these positions, Mark worked as a developer and developer manager for startups and enterprises alike. Mark has extensive speaking experience on topics at the intersection of business and technology, including industry events hosted by Gartner, Forrester, TDWI, and more.

Could Security Misconfigurations Become No. 1 in OWASP Top 10?

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions.
"A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions.

"A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print job is started (from that computer)," security researcher Simone Margaritelli said.

CUPS is a standards-based, open-source printing system for Linux and other Unix-like operating systems, including ArchLinux, Debian, Fedora, Red Hat Enterprise Linux (RHEL), ChromeOS, FreeBSD, NetBSD, OpenBSD, openSUSE, and SUSE Linux.

The list of vulnerabilities is as follows -

*   **CVE-2024-47176** - cups-browsed <= 2.0.1 binds on UDP INADDR\_ANY:631 trusting any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker-controlled URL
*   **CVE-2024-47076** - libcupsfilters <= 2.1b1 cfGetPrinterAttributes5 does not validate or sanitize the IPP attributes returned from an IPP server, providing attacker-controlled data to the rest of the CUPS system
*   **CVE-2024-47175** - libppd <= 2.1b1 ppdCreatePPDFromIPP2 does not validate or sanitize the IPP attributes when writing them to a temporary PPD file, allowing the injection of attacker-controlled data in the resulting PPD
*   **CVE-2024-47177** - cups-filters <= 2.0.1 foomatic-rip allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter

A net consequence of these shortcomings is that they could be fashioned into an exploit chain that allows an attacker to create a malicious, fake printing device on a network-exposed Linux system running CUPS and trigger remote code execution upon sending a print job.

"The issue arises due to improper handling of 'New Printer Available' announcements in the 'cups-browsed' component, combined with poor validation by 'cups' of the information provided by a malicious printing resource," network security company Ontinue said.

"The vulnerability stems from inadequate validation of network data, allowing attackers to get the vulnerable system to install a malicious printer driver, and then send a print job to that driver triggering execution of the malicious code. The malicious code is executed with the privileges of the lp user – not the superuser 'root.'"

RHEL, in an advisory, said all versions of the operating system are affected by the four flaws, but noted that they are not vulnerable in their default configuration. It tagged the issues as Important in severity, given that the real-world impact is likely to be low.

"By chaining this group of vulnerabilities together, an attacker could potentially achieve remote code execution which could then lead to theft of sensitive data and/or damage to critical production systems," it said.

Cybersecurity firm Rapid7 pointed out that affected systems are exploitable, either from the public internet or across network segments, only if UDP port 631 is accessible and the vulnerable service is listening.

Palo Alto Networks has disclosed that none of its products and cloud services contain the aforementioned CUPS-related software packages, and therefore are not impacted by the flaws.

Patches for the vulnerabilities are currently being developed and are expected to be released in the coming days. Until then, it's advisable to disable and remove the cups-browsed service if it's not necessary, and block or restrict traffic to UDP port 631.

"It looks like the embargoed Linux unauth RCE vulnerabilities that have been touted as doomsday for Linux systems, may only affect a subset of systems," Benjamin Harris, CEO of WatchTowr, said in a statement shared with The Hacker News.

"Given this, while the vulnerabilities in terms of technical impact are serious, it is significantly less likely that desktop machines/workstations running CUPS are exposed to the Internet in the same manner or numbers that typical server editions of Linux would be."

Satnam Narang, senior staff research engineer at Tenable, said these vulnerabilities are not at a level of a Log4Shell or Heartbleed.

"The reality is that across a variety of software, be it open or closed source, there are a countless number of vulnerabilities that have yet to be discovered and disclosed," Narang said. "Security research is vital to this process and we can and should demand better of software vendors."

"For organizations that are honing in on these latest vulnerabilities, it's important to highlight that the flaws that are most impactful and concerning are the known vulnerabilities that continue to be exploited by advanced persistent threat groups with ties to nation states, as well as ransomware affiliates that are pilfering corporations for millions of dollars each year."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

A handful of Tesla’s electric pickup trucks are armed and ready for battle in the hands of Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion. Can the EV take the heat?

The Greeks had their chariots. Patton had his tanks. Now, a handful of soldiers are riding into combat in one of the most unusual-looking vehicles in the history of warfare: an armed Cybertruck.

In a video posted to messaging platform Telegram last week, Ramzan Kadyrov, the leader of Russia’s Chechnya region, showed off a pair of Tesla’s distinctive boxy electric pickup trucks painted forest green and armed with what appear to be Soviet-era DShK 12.7 x 108 mm heavy machine guns—vehicles he claimed had been sent to fight alongside Russian forces taking part in the country’s ongoing invasion of Ukraine.

The footage shows the vehicles patrolling down a dirt road as part of a four-vehicle platoon, with several soldiers manning their weapons mounted on their truck beds and blasting airborne targets out of the sky.

“Mobility, convenience, maneuverability: such qualities of an electric vehicle are in great demand here,” Kadyrov wrote on Telegram.

The new footage came just over a month after Kadyrov published an initial video to Telegram showing off a Cybertruck armed with a Russian Kord 12.7 x 108 mm heavy machine gun. That Cybertruck, Kadyrov claimed in a separate Telegram post made the day before unveiling the fresh pair of vehicles, had recently been disabled “remotely” by Tesla chief Elon Musk, who had previously denied gifting the notorious warlord the vehicle in the first place, likely because it’s prohibited under US sanctions on Russia.

“This is not manly,” Kadyrov seethed on Telegram over the remote shutoff. (Tesla did not immediately respond to WIRED’s request for comment.)

It was only a matter of time before some enterprising combatant somewhere slapped a machine gun on a Cybertruck. Both regular militaries and irregular forces around the world have been whipping up “technicals”—or “nonstandard tactical vehicles” improvised from civilian rides—for more than a century. While the general concept of armored cars outfitted with firearms presaged the outbreak of World War I by at least a decade, the conflict accelerated their production and fielding—and, in moments of necessity, innovation. In one of the earliest documented manifestations of the technical, French navy lieutenant Maxime François Émile Destremau prepared a defense of the strategically important coaling station in the city of Papeete in Tahiti against a pair of German cruisers in September 1914 by tearing six 37 mm cannons off the warship under his command and mounting them on six Ford trucks to repel potential landing parties, according to the 2004 book _On Armor_. As long as the automobile has existed, so has the technical.

The technical as most defense observers know it, built on commercial flatbed pickup trucks like the rugged and reliable Toyota Hilux and Land Cruiser, became a fixture of modern irregular warfare during the so-called “Toyota War” of the 1980s that saw militia forces from Chad achieve a decisive victory over the Libyan military thanks to the superior mobility and maneuverability afforded by their lightweight vehicles. (Chadian forces discovered that, at an appropriately high speed, technicals could traverse open areas mined with Soviet-era munitions without risk of setting them off.)

Since then, technicals have become a fixture of conflicts like the US military campaigns in Afghanistan and Iraq, the Syrian and Libyan Civil Wars, and now the Russian invasion of Ukraine. And those conflicts continued to prompt a flurry of novel innovations when it comes to improvised fighting vehicles. Examples include Libyan militants mounting a S-5 rocket pod meant for an aircraft on the back of a truck and a Land Cruiser outfitted with a Russian-made 14.5 mm ZPU-2 antiaircraft gun that American soldiers traded two cans of chewing tobacco for to secure Hamid Karzai International Airport in Kabul during the US withdrawal from Afghanistan in 2021—the latter of which is now in a US military museum. (Does a DShK on a shopping cart count as a technical? That’s up for debate.)

All of those innovations open up the question: Will an armed Cybertruck actually make for a good technical on the battlefield?

Despite the many issues that have plagued the Cybertruck since its release, the vehicle isn’t necessarily the worst option. While the Cybertruck currently has a maximum range of 340 miles (or 500 miles with an extra battery pack)—well behind the roughly 570- to 700-mile range of the Hilux—the former is actually quicker, capable of accelerating up to 60 mph between 2.6 and 3.9 seconds, depending on the model, a noteworthy achievement given the vehicle’s size and weight.

In terms of safeguarding its occupants from external threats like small arms fire, the Cybertruck’s steel “exoskeleton” offers purportedly superior protection to that of the conventional pickup truck, a feature that Tesla has been quick to flaunt on promotional materials. Finally, the Cybertruck, as an electric vehicle, is freakishly quiet, offering an element of stealth that the US Defense Department in particular has eyed in recent years compared to other fossil-fuel-powered ground vehicles.

“There are some attributes that work,” David Tracy, a cofounder of the car website The Autopian and a former auto engineer, tells WIRED. “It’s off-road capable and has big 35-inch tires and good ground clearance. It has stainless steel panels that can take some amount of abuse. From a defense standpoint—as in, ‘How safe am I in the vehicle?’—if you were to take a stock Hilux or a stock Cybertruck, the Cybertruck would probably be the better choice in a firefight.”

If technicals are built for speed and maneuverability, then the Cybertruck “offers significant benefits over the Hilux,” Tracy says.

“It is absolutely, absurdly quick,” he says. “In a drag race between the two, the Hilux would be an ant in the Cybertruck’s rearview mirror. If you need speed and agility, and it isn’t necessarily going through rigorous off-roading or being fired upon regularly, then it could actually work fine.”

Despite these potential tactical benefits, defense analysts aren’t convinced the Cybertruck has a place on the modern battlefield. As retired Marine colonel Mark Cancian, a senior adviser at the Center for Strategic and International Studies think tank, tells WIRED, the armed vehicles flaunted by Kadyrov on Telegram “are totally cool and totally useless.”

“They are cool because they look like something out of a video game and portray Kadyrov as a sort of futuristic warlord,” Cancian tells WIRED in an email. “They are useless because they don't provide a new capability, except perhaps a bit of stealth.”

Indeed, the Cybertruck is not totally suited for hostile and chaotic environments like the front lines of the Russian invasion of Ukraine. First, the EV’s exoskeleton actually consists of steel panels attached to a standard “unibody” frame that’s more akin to the chassis of a conventional car rather than the “body-on-frame” design of most pickup trucks like the Hilux. This design, according to Motor Trend, makes the former a weaker and less resilient vehicle. Second, while the Cybertruck is certainly off-road capable, it’s still significantly heavier than Hilux, which can make maneuverability and traction on rough terrain a challenge. Third, while its armor portends to offer at least some additional coverage compared to the conventional pickup truck-based technical, the vehicle’s bulletproofing only appears to work with subsonic rounds like the .45 ACP ammo used in Tesla’s tests and not the ubiquitous NATO-standard 5.56 mm round or, say, a shot from a .50 caliber rifle. (Though, to be fair, aftermarket armor packages for the vehicle do exist.)

Beyond design and engineering challenges, there’s also the critical matter of maintenance and logistics, the lifeblood of any motorized conflict. As Tracy points out, the Cybertruck’s unique complexity and software-forward design (like the lack of a physical connection between steering wheel and wheels) means a distinct lack of spare parts and higher potential for catastrophic system failures, challenges that all but guarantee that the vehicle is unable to operate reliably and ensure consistent uptime—not necessarily ideal for troops whose lives may depend on them.

“Simplicity is everything; simplicity and parts availability,” Tracy says. “If you’re driving a complex vehicle and there’s a failure of some sort and you need someone to flash it with a computer, you’re hosed if you’re in the middle of nowhere. The beauty of the Hilux is that they’re very tough, for one, but they can be repaired with simple tools and fairly ubiquitous parts. The Cybertruck does not really make a whole lot of sense in that regard.”

“It’s great that it is safe in a crash and can take a bullet,” he adds. “But if you break a control arm and can’t get the part, it’s pretty useless.”

Plus, the Cybertruck’s reliance on charging stations would make a fleet of armed vehicles “likely impossible to support” in any sort of protracted conflict like that taking place in Ukraine, according to CSIS’s Cancian.

“I doubt there are garages or mechanics near the front lines who can fix these complex devices, which are so unlike the fossil fuel vehicles that the region is accustomed to,” he says. “Further, I doubt there are many recharging stations in the battle area. Unlike with fossil fuel vehicles, where the fuel can be brought to the vehicle if necessary, the Cybertrucks must go to the recharging point.”

How the Cybertruck will actually perform in a combat situation remains to be seen. But if the Kadyrov video is any indication, it’s only a matter of time before an armed Cybertrucks makes the transition from YouTube sensation to tried-and-true, battle-tested technical.

Tesla’s Cybertruck Goes, Inevitably, to War

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling.
The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails bearing PDF

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling.

The development marks the first time the malware has been deployed using this method, a departure from previously observed delivery vectors such as compromised or fake websites, or phishing emails bearing PDF attachments or macro-laced Microsoft Excel documents.

"HTML smuggling is primarily a payload delivery mechanism," Netskope researcher Nikhil Hegde said in an analysis published Thursday. "The payload can be embedded within the HTML itself or retrieved from a remote resource."

The HTML file, in turn, can be propagated via bogus sites or malspam campaigns. Once the file is launched via the victim's web browser, the concealed payload is decoded and downloaded onto the machine.

The attack subsequently banks on some level of social engineering to convince the victim to open the malicious payload.

Netskope said it discovered HTML pages mimicking TrueConf and VK in the Russian language that when opened in a web browser, automatically download a password-protected ZIP archive to disk in an attempt to evade detection. The ZIP payload contains a nested RarSFX archive that ultimately leads to the deployment of the DCRat malware.

First released in 2018, DCRat is capable of functioning as a full-fledged backdoor that can be paired with additional plugins to extend its functionality. It can execute shell commands, log keystrokes, and exfiltrate files and credentials, among others.

Organizations are recommended to review HTTP and HTTPS traffic to ensure that systems are not communicating with malicious domains.

The development comes as Russian companies have been targeted by a threat cluster dubbed Stone Wolf to infect them with Meduza Stealer by sending phishing emails masquerading as a legitimate provider of industrial automation solutions.

"Adversaries continue to use archives with both malicious files and legitimate attachments which serve to distract the victim," BI.ZONE said. By using the names and data of real organizations, attackers have a greater chance to trick their victims into downloading and opening malicious attachments."

It also follows the emergence of malicious campaigns that have likely leveraged generative artificial intelligence (GenAI) to write VBScript and JavaScript code responsible for spreading AsyncRAT via HTML smuggling.

"The scripts' structure, comments and choice of function names and variables were strong clues that the threat actor used GenAI to create the malware," HP Wolf Security said. "The activity shows how GenAI is accelerating attacks and lowering the bar for cybercriminals to infect endpoints."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host.
The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and

Container Security / Cloud Computing

A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host.

The vulnerability, tracked as **CVE-2024-0132**, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and NVIDIA GPU Operator version 24.6.2.

"NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system," NVIDIA said in an advisory.

"A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."

The issue impacts all versions of NVIDIA Container Toolkit up to and including v1.16.1, and Nvidia GPU Operator up to and including 24.6.1. However, it does not affect use cases where Container Device Interface (CDI) is used.

Cloud security firm Wiz, which discovered and reported the flaw to NVIDIA on September 1, 2024, said it would allow an attacker who controls the container images run by the Toolkit to perform a container escape and gain full access to the underlying host.

In an hypothetical attack scenario, a threat actor could weaponize the shortcoming by creating a rogue container image that, when run on the target platform either directly or indirectly, grants them full access to the file system.

This could materialize in the form of a supply chain attack where the victim is tricked into running the malicious image, or, alternatively, via services that allow shared GPU resources.

"With this access, the attacker can now reach the Container Runtime Unix sockets (docker.sock/containerd.sock)," security researchers Shir Tamari, Ronen Shustin, and Andres Riancho said.

"These sockets can be used to execute arbitrary commands on the host system with root privileges, effectively taking control of the machine."

The problem poses a severe risk to orchestrated, multi-tenant environments, as it could permit an attacker to escape the container and obtain access to data and secrets of other applications running on the same node, and even the same cluster.

Technical aspects of the attack have been withheld at this stage to prevent exploitation efforts. It's highly recommended that users take steps to apply the patches to safeguard against potential threats.

"While the hype concerning AI security risks tends to focus on futuristic AI-based attacks, 'old-school' infrastructure vulnerabilities in the ever-growing AI tech stack remain the immediate risk that security teams should prioritize and protect against," the researchers said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers

Companies in this industry vertical tend toward large financial transactions with partners, suppliers, and customers.

Source: devilmaya via Alamy Stock Photo

A small group of transportation and logistics companies in North America has been targeted in cunning business email compromise (BEC) attacks.

Since May, an unknown threat actor has weaponized at least 15 email accounts associated with its targeted companies. In a blog published on Sept. 24, Proofpoint researchers could not say how the threat actor first obtained access to these accounts. What is known is that the attacker is using the accounts to bury initial access malware inside of existing email chains, betting that recipients will have their guards down so deep into ongoing conversations with colleagues.

"Thread hijacking is obviously very effective," says Daniel Blackford, director of threat research for Proofpoint. "Once an account takeover has happened, this increased legitimacy makes it much harder for anyone but those who are the most vigilant" to spot it.

**Bespoke Phishing Attacks**

From May to July, the threat actor primarily hid payloads inside of Google Drive files leading to Internet shortcut (URL) files. When executed, the attack chain uses server message block (SMB) to retrieve an executable file from a remote share, which installs one of a number of different, known malware tools. Among them: Lumma, the most common infostealer in the world today; StealC; and the legitimate tool NetSupport.

In August, the attacker shifted to using the "ClickFix" technique for tricking victims into downloading its malware. With ClickFix, a malicious webpage presents the victim with a fake pop-up error message. Through a series of dialogue boxes, the victim is instructed to copy and paste a supposed fix for the issue into a PowerShell terminal or Windows Run. In fact, the so-called fix is a script, which downloads and runs an executable. In these recent phishing attempts, the executables for download included DanaBot and Arechclient2 (aka SectopRAT).

Why ClickFix works at all — despite asking for much more active engagement and technical monkeying from the victim — can seem confounding.

"The human psychology behind why really convoluted attack chains work continues to astonish me on a yearly basis," Blackford admits. He does, though, have a theory. "Something that I've heard is that it can be annoying to deal with IT, so if the 'solution' is right in front of you, and you don't have to communicate with a help desk and have people remote into your to your system to fix them, then maybe it's actually less trouble to just try to execute it yourself."

**Why Transport and Logistics Make Attractive Targets**

Various threat actors have disguised ClickFix behind fake Windows and Chrome updates. In this case, the attacker impersonated Samsara, AMB Logistics, and Astra TMS, platforms highly specialized for fleet and freight management, demonstrating the highly targeted nature of the campaign.

As Blackford notes, transport and logistics companies can make attractive targets for financially motivated cyberattacks. "They do business with lots of entities — suppliers for a lot of industrial manufacturers, for example," he says. "They're going to be corresponding with a lot of different companies. There's going to be a lot of moving parts — a lot of things in and out, constantly moving — so a lot of opportunities to find connected, future victims from just one company."

With fertile ground to sneak in amongst the many moving players and deals, he notes, "There are requests for quotes and invoices that are of a fairly large magnitude — that are, in terms of the finances involved, maybe an order of magnitude higher than in some other industries."

He adds that, while rare, "There also is some evidence recently of threat actors trying to redirect legitimate shipments to locations that are under their control."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Transport, Logistics Orgs Hit by Stealthy Phishing Gambit

PRESS RELEASE

NEW YORK, September 24, 2024 –Torq, the AI-first security hyperautomation leader, today announced the closing of its $70M Series C funding round, led by Evolution Equity Partners, with Bessemer Venture Partners, Notable Capital, Greenfield Partners, and Strait Capital participating. Combined with Torq’s expanded Series B in January, Torq has raised a total of $112m in 2024, bringing the company’s funding since its 2020 inception to $192M. It also has also established an aggressive 2026 ARR target of $100M. Torq will use the new round to increase expansion across EMEA and APAC, hire additional world class engineering, R&D, and sales talent, and double down on devoting more resources to deliver cutting-edge generative AI enhancements.

In addition, Torq announced that it more than tripled its revenue and customer growth for the second year in a row. Torq’s momentum reflects the elevating enterprise adoption of the recently-announced Torq HyperSOC, a purpose-built solution that harnesses the power of the AI-driven Torq Hyperautomation Platform to automate, manage, and monitor critical SOC responses at machine speed. It uses Natural Language Processing (NLP) to initiate and accelerate security event investigation, triage, and remediation at scale, deliver comprehensive case management capabilities with unprecedented ease, and automate complex processes. Torq HyperSOC saves analysts from alert fatigue and job burnout so they can focus on strategic security initiatives and innovation. 

**Rapid Global Enterprise Adoption**

Torq’s customer base includes major multinational enterprise customers, including Abnormal Security, Armis, Blackstone, Carvana, Check Point Security, Chipotle, Deepwatch, Lemonade, Lennar, Nubank, Rivian, SentinelOne, Telefonica, Wiz, and ZoomInfo, as well as Fortune 100 consumer packaged goods, fashion, financial, hospitality, and sports apparel companies.

“Our Series C round underlines the fact that Torq customers, partners, and employees have combined into one of the most powerful, influential, and fastest-growing ecosystems in all of cybersecurity,” said Ofer Smadari, CEO and co-founder, Torq. “We’ve rewritten the rules of the industry with Torq Hyperautomation and Torq HyperSOC, and our momentum reflects that shift. Torq has blown past all the frustrating, manual limitations of legacy SOAR that leave significant holes in the security perimeter. Torq plugs all those holes by delivering a new layer of AI-driven protection, all while making all of security operations more productive than ever.”

“Today, Torq HyperSOC investigates, triages, and remediates many of Check Point’s internal security alerts without any human intervention,” said Jonathan Fischbein CISO, Check Point. “If an alert meets certain parameters based on organizational security policies, the platform takes relevant predefined steps, such as initiating an MFA challenge or locking out a suspicious user. We can react automatically to problems before they become security incidents.”

“The incredible growth, customer traction, and industry momentum Torq Hyperautomation and Torq HyperSOC are experiencing showcases how Torq is dramatically transforming cybersecurity for the better,” said Richard Seewald, Founder and Managing Partner, Evolution Equity Partners. “Evolution is incredibly proud to back Torq as it continues to deliver such deep value for security operations teams worldwide. It’s now no longer a question of if, but when every enterprise will adopt AI-driven hyperautomation.”

Torq’s customer base also continues to rapidly grow due to the success of the Torq Partner Acceleration Program, which includes many of the world’s leading channel and security vendors. Torq tech alliance partners include Abnormal Security, Check Point, CrowdStrike, SentinelOne, Snyk, and Wiz. Its reseller and VAR ecosystem includes GuidePoint Security, Optiv, Stratascale, and Trace3.

“Torq is a rising star in cybersecurity,” said Oren Yunger, Managing Partner, Notable Capital. “Torq HyperSOC’s advanced AI capabilities are having a dramatic, positive impact on security operations teams worldwide by making them vastly more efficient and resilient than ever. Torq represents the next-generation of security operations and Notable Capital is certain the future is phenomenally bright for the company.”

**Key Analysts Unanimously Validate Torq Hyperautomation**

Analysts including Gartner, Forrester, IDC, and GigaOm all covered Torq Hyperautomation during 2024, with unanimous perspectives on the positive impact it’s making for customers.

“Every day, IDC is engaged with SOC professionals who communicate the existential challenges they’re facing, both in terms of keeping up with ever-escalating threat complexity and volume, and the incredible burden that places on the shoulders of their teams,” said Chris Kissel, Vice President, Security & Trust Products, IDC Research. “Torq is the first solution we’ve seen that effectively enables SOC professionals to mitigate issues including alert fatigue, false positives, staff burnout, and attrition. We are also impressed by how its AI augmentation capabilities empower these staff members to be much more proactive about fortifying the security perimeter.”

“Torq offers an extensive feature set, as reflected in its high scores across most of the key criteria, including case management, and collaboration, automated alert prioritization, triage and curation, autonomous operations, and validation and red teaming, and has acquired an impressive portfolio of customers,” said GigaOm in a 2024 Radar Report.

Learn more about Torq at Torq.io.

**About Torq**

Torq is transforming cybersecurity with its AI-first  enterprise-grade hyperautomation platform. By connecting the entire security infrastructure stack, Torq empowers organizations to instantly and precisely remediate security events, and orchestrate complex security processes at scale. Fortune 500 enterprises, including the world’s biggest financial, technology, consumer packaged goods, fashion, hospitality, and sports apparel companies are experiencing extraordinary outcomes with Torq.

Torq Announces $70M Series C Bringing Total 2024 Funding to $112M

It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.

Thursday, September 26, 2024 14:00

The recent attacks in the Middle East triggering explosions on pagers has raised new fears around physical hardware supply chain attacks. 

In cybersecurity, we typically consider supply chain attacks to target software, in which adversaries infect a legitimate tool with a malicious, fake update that then spreads malware to affected devices. Think SolarWinds, Log4j, MOVEit, etc. 

In the case of hardware supply chain attacks, malicious actors infiltrate the supply of devices, or the physical manufacturing process of pieces of hardware and purposefully build in security flaws, faulty parts, or backdoors they know they can take advantage of in the future, such as malicious microchips on a circuit board.  

For Cisco’s part, the Cisco Trustworthy technologies program, including secure boot, Cisco Trust Anchor module (TAm), and runtime defenses give customers the confidence that the product is genuinely from Cisco. 

As I was thinking about the threat of hardware supply chain attacks, I was left wondering who, exactly, should be tasked with solving this problem. And I think I’ve decided the onus falls on several different sectors. 

It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process. Entering a manufacturing facility or other stops along the logistics chain would require some level of network-level manipulation, such as faking a card reader or finding a way to trick physical defenses — that’s why Cisco Talos Incident Response looks for these types of things in Purple Team exercises.  

But it’s also a question of logistics and storage. Could a device be tampered with while it’s just being stored in a warehouse awaiting shipment? What about entering the back of a tractor-trailer that’s hauling the devices? Or even just being able to sneak photos of the devices’ information, say, for example, the EID on a cellphone or its SIM card.  

The process to protect against supply chain hardware attacks is not straightforward, unfortunately. There is little synchronization and partnership between logistics, cybersecurity, and manufacturing companies.  

There are also new technologies that can protect against physical tampering, like smart containers, real-time monitoring systems and automated security checkpoints, but these are all expensive solutions for security teams (at the physical and network levels) that are already stretched for budget and human capital.  

The cybersecurity industry certainly has a role to play in addressing supply chain attacks of all kinds, but it’s also not something this community alone can solve.  

**The one big thing **

Attackers are abusing features of legitimate internet websites to transmit spam. This web infrastructure and its associated email infrastructure are otherwise used for legitimate purposes, which makes blocking these messages more difficult for defenders, according to new research from Talos.  

**Why do I care? **

As a spammer, one of the problems with spinning up your own architecture to deliver mail is that once the spam starts flowing, these sources (IPs/domains) can be blocked. Realizing this, many spammers have elected to attack webpages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited emails. Adversaries are still finding new ways to leverage preexisting tools and structures in email systems to send spam and malicious attachments that defenders wouldn’t normally consider.  

**So now what? **

There are several steps users can take to avoid receiving large amounts of spam or being duped by bad actors using “traditional” email tools. A strong password for your email account, or even better, a password manager, can keep your email account secure. When someone is using unique credentials everywhere, one single compromised account will not impact any other online accounts belonging to that victim. For admins and defenders, educating your users to be wary of such email messages is a good way to prevent them from falling victim to phishing and other attacks that arrive by email. 

**Top security headlines of the week **

**Representatives from cybersecurity company CrowdStrike spoke to U.S. Congress this week about a faulty update that shut down Windows machines across the country earlier this year.** The incident caused disruptions across multiple industries, including commercial flights, public transportation, retail and more. Lawmakers questioned whether the affected software should have access to core systems on computers, and the threat that AI-written code could present in the future. Executives from CrowdStrike took responsibility for the outage. They said the company was doing everything possible to prevent a similar incident from happening again and executing a broad “lessons learned” process. The incident forced over 8 million Microsoft Windows machines into the dreaded “Blue Screen of Death.” For the first 24 hours of the incident, rebooting the systems only worked if the user carried out a specific process that was complicated and needed to be explained by an expert. Eventually, an automatic update rolled out and fixed the issue. (Washington Post, BBC) 

**Security researchers have discovered a new Iranian state-sponsored actor that is providing initial access for other well-known APTs in the same country.** UNC1860 is believed to have ties to Iran’s Ministry of Intelligence and Security (MOIS) and provides access to other Iranian threat actors like OilRig and Scarred Manticore. The group’s focus is reportedly solely focused on breaching networks and obtaining an initial foothold, targeting a range of sectors including government, media, education, critical infrastructure and telecommunications. Researchers say UNC1860 has teamed up for attacks targeting organizations in Iraq, Saudi Arabia and Qatar, and laid the groundwork for wiper attacks in Albania and Israel. The group’s activities had gone largely undetected thus far because their implants are entirely passive, and don’t send any information out of the target network. The APT also doesn’t rely on any kind of command and control (C2) infrastructure. (Dark Reading, SecurityWeek) 

**Popular AI chat tool ChatGPT contains a flaw that could allow adversaries to implant false “memories” and steal user data in perpetuity.** A security researcher discovered a proof of concept in which they could store false information and malicious instructions in a user’s long-term memory settings through indirect prompt injection. The researcher first reported the vulnerability to OpenAI, the creator of ChatGPT, in May, but at the time the issue was labeled as a safety issue and not a security issue, closing out the case. After developing the POC, the company eventually released a partial fix earlier this month that prevents memories from being abused as an exfiltration vector. However, an adversary could still implant long-term information into ChatGPT through prompt injections targeting the memory tool, just not through the traditional ChatGPT web interface that most users access the tool through. (Ars Technica, wunderwuzzi's blog) 

**Can’t get enough Talos? ****Upcoming events where you can find Talos**

**VB2024** **(Oct. 2 - 4)** 

_Dublin, Ireland_ 

**MITRE ATT&CKcon 5.0** **(Oct. 22 - 23)** 

_McLean, Virginia and Virtual_

Nicole Hoffman and James Nutland will provide a brief history of Akira ransomware and an overview of the Linux ransomware landscape. Then, morph into action as they take a technical deep dive into the latest Linux variant using the ATT&CK framework to uncover its techniques, tactics and procedures.

**misecCON** **(Nov. 22)** 

_Lansing, Michigan_

Terryn Valikodath from Cisco Talos Incident Response will explore the core of DFIR, where digital forensics becomes detective work and incident response turns into firefighting.

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91    
**MD5:** 7bdbd180c081fa63ca94f9c22c457376   
**Typical Filename:** c0dwjdi6a.dll   
**Claimed Product:** N/A    
**Detection Name:** Trojan.GenericKD.33515991 

**SHA 256:** 47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca   
**MD5:** 71fea034b422e4a17ebb06022532fdde   
**Typical Filename:** VID001.exe   
**Claimed Product:** N/A   
**Detection Name:** RF.Talos.80 

**SHA 256:** 76491df69a26019139ac11117cd21bf5d0257a5ebd3d67837f558c8c9c3483d8   
**MD5:** b209df2951e29ab5eab4009579b10b8d  
**Typical Filename:** FileZilla\_3.67.1\_win64\_sponsored2-setup.exe   
**Claimed Product:** FileZilla   
**Detection Name:** W32.76491DF69A-95.SBX.TG 

**SHA 256:** 5e537dee6d7478cba56ebbcc7a695cae2609010a897d766ff578a4260c2ac9cf   
**MD5:** 2cfc15cb15acc1ff2b2da65c790d7551   
**Typical Filename:** rcx4d83.tmp   
**Claimed Product:** N/A     
**Detection Name:** Win.Dropper.Pykspa::tpd 

**SHA 256:** 581866eb9d50265b80bae4c49b04f033e2019797131e7697ca81ae267d1b4971   
**MD5:** 4c5fdfd4868ac91db8be52a9955649af   
**Typical Filename:** N/A   
**Claimed Product:** N/A   
**Detection Name:** W32.581866EB9D-100.SBX.TG

Are hardware supply chain attacks “cyber attacks?”

Ubuntu Security Notice 7003-4 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7003-4September 26, 2024linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-raspi: Linux kernel for Raspberry Pi systemsDetails:It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - MIPS architecture;  - PowerPC architecture;  - x86 architecture;  - ACPI drivers;  - Serial ATA and Parallel ATA drivers;  - Drivers core;  - GPIO subsystem;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Pin controllers subsystem;  - S/390 drivers;  - SCSI drivers;  - USB subsystem;  - JFFS2 file system;  - JFS file system;  - File systems infrastructure;  - NILFS2 file system;  - IOMMU subsystem;  - Sun RPC protocol;  - Netfilter;  - Memory management;  - B.A.T.M.A.N. meshing protocol;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - NET/ROM layer;  - Network traffic control;  - SoC Audio for Freescale CPUs drivers;(CVE-2024-41034, CVE-2024-40984, CVE-2024-40987, CVE-2024-42119,CVE-2024-42224, CVE-2024-42101, CVE-2024-42096, CVE-2024-41095,CVE-2024-42087, CVE-2024-42104, CVE-2024-42148, CVE-2024-39495,CVE-2024-40980, CVE-2024-42223, CVE-2024-40961, CVE-2024-40988,CVE-2024-42127, CVE-2024-42090, CVE-2024-42236, CVE-2024-40995,CVE-2024-41007, CVE-2024-40968, CVE-2024-40901, CVE-2024-42097,CVE-2024-41041, CVE-2024-36974, CVE-2024-42115, CVE-2024-40978,CVE-2024-38619, CVE-2024-41049, CVE-2024-41035, CVE-2024-41044,CVE-2024-42154, CVE-2024-39499, CVE-2024-42070, CVE-2024-40959,CVE-2024-39487, CVE-2024-42157, CVE-2024-40916, CVE-2024-42076,CVE-2024-41087, CVE-2024-42094, CVE-2024-42124, CVE-2024-40905,CVE-2024-42145, CVE-2024-40963, CVE-2024-36894, CVE-2024-40942,CVE-2024-42092, CVE-2024-42153, CVE-2024-41089, CVE-2024-40912,CVE-2023-52887, CVE-2024-40934, CVE-2024-41006, CVE-2024-39501,CVE-2024-42084, CVE-2024-39506, CVE-2024-39509, CVE-2024-40943,CVE-2024-42106, CVE-2024-42093, CVE-2024-40902, CVE-2024-42086,CVE-2024-40958, CVE-2024-39502, CVE-2024-42232, CVE-2024-42089,CVE-2024-37078, CVE-2024-39469, CVE-2024-41046, CVE-2024-42102,CVE-2024-40974, CVE-2024-39505, CVE-2024-40960, CVE-2024-42105,CVE-2024-40932, CVE-2024-40904, CVE-2024-40981, CVE-2024-39503,CVE-2024-41097, CVE-2024-40941, CVE-2024-36978, CVE-2023-52803,CVE-2024-40945)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1116-raspi    5.4.0-1116.128  linux-image-raspi               5.4.0.1116.146  linux-image-raspi-hwe-18.04     5.4.0.1116.146  linux-image-raspi2              5.4.0.1116.146  linux-image-raspi2-hwe-18.04    5.4.0.1116.146After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7003-4  https://ubuntu.com/security/notices/USN-7003-3  https://ubuntu.com/security/notices/USN-7003-2  https://ubuntu.com/security/notices/USN-7003-1  CVE-2023-52803, CVE-2023-52887, CVE-2024-36894, CVE-2024-36974,  CVE-2024-36978, CVE-2024-37078, CVE-2024-38619, CVE-2024-39469,  CVE-2024-39487, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501,  CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,  CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904,  CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40932,  CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,  CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960,  CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40974,  CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40984,  CVE-2024-40987, CVE-2024-40988, CVE-2024-40995, CVE-2024-41006,  CVE-2024-41007, CVE-2024-41034, CVE-2024-41035, CVE-2024-41041,  CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41087,  CVE-2024-41089, CVE-2024-41095, CVE-2024-41097, CVE-2024-42070,  CVE-2024-42076, CVE-2024-42084, CVE-2024-42086, CVE-2024-42087,  CVE-2024-42089, CVE-2024-42090, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42096, CVE-2024-42097, CVE-2024-42101,  CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42115, CVE-2024-42119, CVE-2024-42124, CVE-2024-42127,  CVE-2024-42145, CVE-2024-42148, CVE-2024-42153, CVE-2024-42154,  CVE-2024-42157, CVE-2024-42223, CVE-2024-42224, CVE-2024-42232,  CVE-2024-42236Package Information:  https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1116.128

Tag

#mac