SB20240711208 - Ubuntu update for linux-oem-6.5
Published: July 11, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 124 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2023-6356)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_iovec() function in the Linux kernel's NVMe driver. A remote attacker can pass specially crafted TCP packets to the system and perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2023-6535)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_execute_request() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2023-6536)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the __nvmet_req_complete() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
4) Information disclosure (CVE-ID: CVE-2022-0001)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.
5) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-2201)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests and compromise the affected system.
6) Off-by-one (CVE-ID: CVE-2024-23849)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rds_recv_track_latency() function in net/rds/af_rds.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
7) Race condition (CVE-ID: CVE-2024-24860)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel bluetooth device driver. A remote attacker with physical proximity to device can send specially crafted packets to the system and crash the kernel.
8) Improper locking (CVE-ID: CVE-2023-52635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
9) NULL pointer dereference (CVE-ID: CVE-2024-26632)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/bio.h. A local user can perform a denial of service (DoS) attack.
10) Use-after-free (CVE-ID: CVE-2023-52468)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the class_register() function in drivers/base/class.c. A local user can escalate privileges on the system.
11) NULL pointer dereference (CVE-ID: CVE-2023-52472)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rsa_check_exponent_fips() function in crypto/rsa.c. A local user can perform a denial of service (DoS) attack.
12) Improper locking (CVE-ID: CVE-2023-52589)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rkisp1_isp_stop() function in drivers/media/platform/rockchip/rkisp1/rkisp1-isp.c, within the rkisp1_csi_disable() function in drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c. A local user can perform a denial of service (DoS) attack.
13) Buffer overflow (CVE-ID: CVE-2024-26671)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
14) Resource management error (CVE-ID: CVE-2024-26640)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
15) Race condition within a thread (CVE-ID: CVE-2024-26631)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the ipv6_mc_down() function in net/ipv6/mcast.c. A local user can manipulate data.
16) Race condition (CVE-ID: CVE-2023-52489)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the section_deactivate() function in mm/sparse.c. A local user can exploit the race and escalate privileges on the system.
17) Improper Initialization (CVE-ID: CVE-2023-52616)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2023-52445)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.
19) NULL pointer dereference (CVE-ID: CVE-2023-52463)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
20) Buffer overflow (CVE-ID: CVE-2024-26610)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
21) Resource exhaustion (CVE-ID: CVE-2023-52497)
The vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.
22) Buffer overflow (CVE-ID: CVE-2023-52453)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hisi_acc_vf_resume_write() and hisi_acc_vf_save_read() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
23) NULL pointer dereference (CVE-ID: CVE-2023-52470)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.
24) NULL pointer dereference (CVE-ID: CVE-2024-26649)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gfx_v10_0_init_microcode() function in drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c. A local user can perform a denial of service (DoS) attack.
25) Improper locking (CVE-ID: CVE-2023-52583)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
26) Improper locking (CVE-ID: CVE-2024-26644)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.
27) NULL pointer dereference (CVE-ID: CVE-2023-52607)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
28) Improper locking (CVE-ID: CVE-2023-52587)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.
29) Out-of-bounds read (CVE-ID: CVE-2024-26594)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling SMB2 Mech Tokens. A remote attacker can send specially crafted packets to ksmbd, trigger an out-of-bounds read error and read contents of memory on the system.
30) Buffer overflow (CVE-ID: CVE-2023-52618)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rnbd_srv_get_full_path() function in drivers/block/rnbd/rnbd-srv.c. A local user can perform a denial of service (DoS) attack.
31) Input validation error (CVE-ID: CVE-2023-52495)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pmic_glink_altmode_sc8180xp_notify() and pmic_glink_altmode_sc8280xp_notify() functions in drivers/soc/qcom/pmic_glink_altmode.c. A local user can perform a denial of service (DoS) attack.
32) Improper locking (CVE-ID: CVE-2023-52632)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mutex_unlock() function in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.
33) Race condition (CVE-ID: CVE-2024-26583)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
34) Resource management error (CVE-ID: CVE-2023-52633)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the time_travel_update_time(), time_travel_set_start() and timer_read() functions in arch/um/kernel/time.c. A local user can perform a denial of service (DoS) attack.
35) Improper locking (CVE-ID: CVE-2023-52591)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.
36) Input validation error (CVE-ID: CVE-2024-26633)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
37) NULL pointer dereference (CVE-ID: CVE-2023-52627)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the BIT() function in drivers/iio/adc/ad7091r5.c, within the BIT() and ad7091r_read_event_config() functions in drivers/iio/adc/ad7091r-base.c. A local user can perform a denial of service (DoS) attack.
38) Resource management error (CVE-ID: CVE-2024-26670)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
39) Use-after-free (CVE-ID: CVE-2024-26598)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.
40) Use-after-free (CVE-ID: CVE-2024-26592)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a race condition when handling TCP connect and disconnect events within the ksmbd_tcp_new_connection() function in
ksmbd. A remote non-authenticated attacker can trigger a use-after-free error and crash the kernel or execute arbitrary code on the system.
41) NULL pointer dereference (CVE-ID: CVE-2023-52473)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the device_del() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
42) Improper locking (CVE-ID: CVE-2023-52623)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.
43) Use-after-free (CVE-ID: CVE-2023-52446)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_map_free_deferred() and bpf_map_put() functions in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
44) NULL pointer dereference (CVE-ID: CVE-2023-52443)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unpack_profile() function in security/apparmor/policy_unpack.c. A local user can perform a denial of service (DoS) attack.
45) Out-of-bounds read (CVE-ID: CVE-2023-52451)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.
46) Improper locking (CVE-ID: CVE-2024-26629)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
47) Buffer overflow (CVE-ID: CVE-2023-52462)
The vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a boundary error within the check_stack_write_fixed_off() function in kernel/bpf/verifier.c. A local user can trigger memory corruption and crash the kernel.
48) Expired pointer dereference (CVE-ID: CVE-2024-26808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
49) Resource management error (CVE-ID: CVE-2023-52598)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
50) Buffer overflow (CVE-ID: CVE-2023-52611)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rtw_sdio_get_tx_addr() function in drivers/net/wireless/realtek/rtw88/sdio.c. A local user can perform a denial of service (DoS) attack.
51) NULL pointer dereference (CVE-ID: CVE-2023-52492)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
52) Improper locking (CVE-ID: CVE-2023-52456)
The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to double-locking error within the imx_uart_stop_tx() function in drivers/tty/serial/imx.c. A local user can crash the OS kernel.
53) Out-of-bounds read (CVE-ID: CVE-2023-52626)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mlx5e_ptp_handle_ts_cqe() function in drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c. A local user can perform a denial of service (DoS) attack.
54) Buffer overflow (CVE-ID: CVE-2023-52455)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to memory corruption within the of_iommu_get_resv_regions() function in drivers/iommu/of_iommu.c. A local user can execute arbitrary code.
55) Access of Uninitialized Pointer (CVE-ID: CVE-2024-26641)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
56) Resource management error (CVE-ID: CVE-2023-52588)
The vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the __clone_blkaddrs() and redirty_blocks() functions in fs/f2fs/file.c, within the set_cluster_dirty() function in fs/f2fs/compress.c. A local user can corrupt data.
57) Resource management error (CVE-ID: CVE-2023-52608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the shmem_poll_done() function in drivers/firmware/arm_scmi/shmem.c, within the rx_callback() function in drivers/firmware/arm_scmi/mailbox.c. A local user can perform a denial of service (DoS) attack.
58) Memory leak (CVE-ID: CVE-2024-26618)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fpsimd_release_task() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
59) Use-after-free (CVE-ID: CVE-2024-26582)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/tls/tls_sw.c during partial reads and async decrypt. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
60) Race condition (CVE-ID: CVE-2023-52609)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can escalate privileges on the system.
61) Out-of-bounds read (CVE-ID: CVE-2023-52604)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
62) Buffer overflow (CVE-ID: CVE-2024-26646)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hfi_parse_features() and intel_hfi_init() functions in drivers/thermal/intel/intel_hfi.c. A local user can escalate privileges on the system.
63) Improper error handling (CVE-ID: CVE-2024-26634)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the default_device_exit_net() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
64) Use-after-free (CVE-ID: CVE-2023-52469)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
65) NULL pointer dereference (CVE-ID: CVE-2023-52467)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the of_syscon_register() function in drivers/mfd/syscon.c. A local user can perform a denial of service (DoS) attack.
66) Use-after-free (CVE-ID: CVE-2023-52447)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in
bpf. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
67) NULL pointer dereference (CVE-ID: CVE-2024-26623)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pdsc_setup(), pdsc_stop() and pdsc_fw_down() functions in drivers/net/ethernet/amd/pds_core/core.c, within the pdsc_process_notifyq(), pdsc_process_adminq(), pds_core_intr_credits(), pdsc_adminq_isr(), pdsc_adminq_post() and queue_work() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.
68) Reachable assertion (CVE-ID: CVE-2023-52621)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
69) NULL pointer dereference (CVE-ID: CVE-2024-26647)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the link_set_dsc_pps_packet() function in drivers/gpu/drm/amd/display/dc/link/link_dpms.c. A local user can perform a denial of service (DoS) attack.
70) NULL pointer dereference (CVE-ID: CVE-2024-26615)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.
71) NULL pointer dereference (CVE-ID: CVE-2023-52450)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the discover_upi_topology() function in arch/x86/events/intel/uncore_snbep.c. A local user can perform a denial of service (DoS) attack.
72) Buffer overflow (CVE-ID: CVE-2023-52619)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.
73) Memory leak (CVE-ID: CVE-2023-52610)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.
74) Buffer overflow (CVE-ID: CVE-2023-52606)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
75) Out-of-bounds write (CVE-ID: CVE-2023-52464)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
76) NULL pointer dereference (CVE-ID: CVE-2023-52465)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_probe() function in drivers/power/supply/qcom_pmi8998_charger.c. A local user can perform a denial of service (DoS) attack.
77) Use of uninitialized resource (CVE-ID: CVE-2024-26638)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __sock_xmit() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
78) Improper locking (CVE-ID: CVE-2023-52498)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dev_pm_skip_resume(), complete_all(), dpm_async_fn(), dpm_noirq_resume_devices(), dpm_resume_noirq(), pm_runtime_enable(), dpm_resume_early(), dpm_resume_start(), device_resume() and dpm_resume() functions in drivers/base/power/main.c. A local user can perform a denial of service (DoS) attack.
79) Use-after-free (CVE-ID: CVE-2024-26625)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
80) NULL pointer dereference (CVE-ID: CVE-2023-52449)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in mtd. A local user can perform a denial of service (DoS) attack.
81) Use-after-free (CVE-ID: CVE-2023-52584)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_spmi_probe() and mtk_spmi_remove() functions in drivers/spmi/spmi-mtk-pmif.c. A local user can escalate privileges on the system.
82) NULL pointer dereference (CVE-ID: CVE-2023-52454)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
83) NULL pointer dereference (CVE-ID: CVE-2023-52458)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.
84) Race condition (CVE-ID: CVE-2024-26585)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.
85) Memory leak (CVE-ID: CVE-2024-26669)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.
86) Improper locking (CVE-ID: CVE-2023-52493)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
87) Incorrect calculation (CVE-ID: CVE-2024-26645)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __tracing_map_insert() function in kernel/trace/tracing_map.c. A local user can perform a denial of service (DoS) attack.
88) NULL pointer dereference (CVE-ID: CVE-2024-26607)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sii902x_init() and sii902x_probe() functions in drivers/gpu/drm/bridge/sii902x.c. A local user can perform a denial of service (DoS) attack.
89) Improper locking (CVE-ID: CVE-2023-52615)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.
90) Resource management error (CVE-ID: CVE-2023-52617)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.
91) Resource management error (CVE-ID: CVE-2024-26612)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXPORT_SYMBOL() function in fs/fscache/cache.c. A local user can perform a denial of service (DoS) attack.
92) Integer overflow (CVE-ID: CVE-2024-26668)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
93) Out-of-bounds read (CVE-ID: CVE-2023-52594)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
94) Buffer overflow (CVE-ID: CVE-2023-52612)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.
95) Error handling (CVE-ID: CVE-2024-26584)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
96) Out-of-bounds write (CVE-ID: CVE-2024-26586)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.
97) Use-after-free (CVE-ID: CVE-2024-26616)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the scrub_read_endio() and scrub_submit_initial_read() functions in fs/btrfs/scrub.c. A local user can escalate privileges on the system.
98) Input validation error (CVE-ID: CVE-2024-26673)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.
99) NULL pointer dereference (CVE-ID: CVE-2023-52448)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in gfs2_rgrp_dump() function. A local user can perform a denial of service (DoS) attack.
100) Input validation error (CVE-ID: CVE-2024-26620)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vfio_ap_mdev_filter_cdoms(), vfio_ap_mdev_filter_matrix(), assign_adapter_store(), assign_domain_store(), vfio_ap_mdev_probe_queue() and vfio_ap_on_cfg_changed() functions in drivers/s390/crypto/vfio_ap_ops.c. A local user can perform a denial of service (DoS) attack.
101) Buffer overflow (CVE-ID: CVE-2023-52614)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.
102) Input validation error (CVE-ID: CVE-2024-26636)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.
103) Out-of-bounds read (CVE-ID: CVE-2023-52602)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
104) Improper Initialization (CVE-ID: CVE-2023-52452)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in bpf. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
105) Buffer overflow (CVE-ID: CVE-2023-52601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/jfs/jfs_dmap.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
106) Use of uninitialized resource (CVE-ID: CVE-2024-26635)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.
107) Improper locking (CVE-ID: CVE-2024-26627)
The vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to improper locking when calling the scsi_host_busy() function. A local user can perform a denial of service attack.
108) Input validation error (CVE-ID: CVE-2023-52488)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
109) NULL pointer dereference (CVE-ID: CVE-2023-52487)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_tc_del_fdb_peer_flow() function in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can perform a denial of service (DoS) attack.
110) Security features bypass (CVE-ID: CVE-2023-52597)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.
111) Buffer overflow (CVE-ID: CVE-2023-52494)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mhi_del_ring_element() function in drivers/bus/mhi/host/main.c. A local user can escalate privileges on the system.
112) Reachable assertion (CVE-ID: CVE-2023-52444)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to reachable assertion within the f2fs_rename() function in fs/f2fs/namei.c. A local user can execute arbitrary code.
113) Out-of-bounds read (CVE-ID: CVE-2024-26608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_unsupported_event() and handle_generic_event() functions in fs/ksmbd/transport_ipc.c. A local user can perform a denial of service (DoS) attack.
114) NULL pointer dereference (CVE-ID: CVE-2023-52593)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wfx_upload_ap_templates() and wfx_start_ap() functions in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.
115) Use-after-free (CVE-ID: CVE-2023-52491)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_jpeg_dec_device_run() function in drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c. A local user can escalate privileges on the system.
116) Improper locking (CVE-ID: CVE-2023-52595)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
117) Buffer overflow (CVE-ID: CVE-2023-52599)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
118) NULL pointer dereference (CVE-ID: CVE-2024-26595)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the spectrum_acl_tcam() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
119) Buffer overflow (CVE-ID: CVE-2023-52622)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.
120) Deadlock (CVE-ID: CVE-2024-26650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock in drivers/platform/x86/p2sb.c. A local user can perform a denial of service (DoS) attack.
121) Resource management error (CVE-ID: CVE-2024-26614)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
122) NULL pointer dereference (CVE-ID: CVE-2023-52490)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mm/migrate.c. A local user can perform a denial of service (DoS) attack.
123) Improper locking (CVE-ID: CVE-2023-52486)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
124) Use-after-free (CVE-ID: CVE-2023-52457)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the omap8250_remove() function in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.