SB2025020348 - SUSE update for the Linux Kernel
Published: February 3, 2025 Updated: April 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 77 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2022-48742)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtnl_newlink() function in net/core/rtnetlink.c. A local user can escalate privileges on the system.
2) Improper locking (CVE-ID: CVE-2022-49033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the btrfs_qgroup_inherit() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2022-49035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the s5p_cec_irq_handler() function in drivers/media/cec/platform/s5p/s5p_cec.c. A local user can perform a denial of service (DoS) attack.
4) Buffer overflow (CVE-ID: CVE-2023-52434)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Use-after-free (CVE-ID: CVE-2023-52922)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcm_release() function in net/can/bcm.c. A local user can escalate privileges on the system.
6) Improper locking (CVE-ID: CVE-2024-26976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
7) Double free (CVE-ID: CVE-2024-35847)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
8) Reachable assertion (CVE-ID: CVE-2024-36484)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
9) Out-of-bounds read (CVE-ID: CVE-2024-36883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
10) Use-after-free (CVE-ID: CVE-2024-36886)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
11) Improper locking (CVE-ID: CVE-2024-38589)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
12) Out-of-bounds read (CVE-ID: CVE-2024-41013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __xfs_dir3_data_check() function in fs/xfs/libxfs/xfs_dir2_data.c. A local user can perform a denial of service (DoS) attack.
13) Memory leak (CVE-ID: CVE-2024-46771)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
14) NULL pointer dereference (CVE-ID: CVE-2024-47141)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pr_fmt(), pinmux_can_be_used_for_gpio(), pin_request(), pin_free(), pinmux_enable_setting(), pinmux_disable_setting() and pinmux_pins_show() functions in drivers/pinctrl/pinmux.c, within the pinctrl_register_one_pin() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
15) Improper locking (CVE-ID: CVE-2024-47666)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pm8001_phy_control() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2024-47678)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the icmpv6_mask_allow(), icmpv6_global_allow(), icmpv6_xrlim_allow(), icmp6_send() and icmpv6_echo_reply() functions in net/ipv6/icmp.c, within the __SPIN_LOCK_UNLOCKED(), icmpv4_mask_allow(), icmpv4_global_allow(), icmpv4_xrlim_allow(), icmp_reply() and __icmp_send() functions in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.
17) Resource management error (CVE-ID: CVE-2024-47709)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2024-49925)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the efifb_probe(), pm_runtime_put() and efifb_remove() functions in drivers/video/fbdev/efifb.c. A local user can escalate privileges on the system.
19) NULL pointer dereference (CVE-ID: CVE-2024-49944)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_listen_start() function in net/sctp/socket.c. A local user can perform a denial of service (DoS) attack.
20) Resource management error (CVE-ID: CVE-2024-50039)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qdisc_skb_cb() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
21) Use of uninitialized resource (CVE-ID: CVE-2024-50143)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2024-50151)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the SMB2_ioctl_init() function in fs/cifs/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
23) Memory leak (CVE-ID: CVE-2024-50166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mac_probe() and mac_remove() functions in drivers/net/ethernet/freescale/fman/mac.c. A local user can perform a denial of service (DoS) attack.
24) Use-after-free (CVE-ID: CVE-2024-50199)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unuse_mm() function in mm/swapfile.c. A local user can escalate privileges on the system.
25) Improper error handling (CVE-ID: CVE-2024-50211)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the udf_truncate_extents() function in fs/udf/truncate.c, within the udf_try_read_meta() function in fs/udf/partition.c, within the udf_map_block(), udf_extend_file(), udf_delete_aext() and inode_bmap() functions in fs/udf/inode.c, within the udf_fiiter_init() and udf_fiiter_append_blk() functions in fs/udf/directory.c. A local user can perform a denial of service (DoS) attack.
26) Improper locking (CVE-ID: CVE-2024-50228)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shmem_getattr() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
27) Improper error handling (CVE-ID: CVE-2024-50256)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nf_reject6_fill_skb_dst() and nf_send_reset6() functions in net/ipv6/netfilter/nf_reject_ipv6.c. A local user can perform a denial of service (DoS) attack.
28) Out-of-bounds read (CVE-ID: CVE-2024-50262)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.
29) Out-of-bounds read (CVE-ID: CVE-2024-50278)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_cache_dev_size() and cache_preresume() functions in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.
30) Use-after-free (CVE-ID: CVE-2024-50280)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the check_migrations(), destroy(), cache_create() and cache_ctr() functions in drivers/md/dm-cache-target.c. A local user can escalate privileges on the system.
31) Division by zero (CVE-ID: CVE-2024-50287)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the tpg_precalculate_line() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
32) Input validation error (CVE-ID: CVE-2024-50299)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sctp_sf_ootb() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
33) Use-after-free (CVE-ID: CVE-2024-53057)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can escalate privileges on the system.
34) Use of uninitialized resource (CVE-ID: CVE-2024-53101)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ocfs2_setattr() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
35) Improper locking (CVE-ID: CVE-2024-53112)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_commit_trans() function in fs/ocfs2/resize.c. A local user can perform a denial of service (DoS) attack.
36) Improper locking (CVE-ID: CVE-2024-53136)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shmem_getattr() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
37) Input validation error (CVE-ID: CVE-2024-53141)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bitmap_ip_uadt() function in net/netfilter/ipset/ip_set_bitmap_ip.c. A local user can perform a denial of service (DoS) attack.
38) Input validation error (CVE-ID: CVE-2024-53144)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_user_confirm_request_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
39) Integer overflow (CVE-ID: CVE-2024-53146)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the decode_cb_compound4res() function in fs/nfsd/nfs4callback.c. A local user can execute arbitrary code.
40) Out-of-bounds read (CVE-ID: CVE-2024-53150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DESC_LENGTH_CHECK(), validate_clock_source() and validate_clock_selector() functions in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.
41) Out-of-bounds read (CVE-ID: CVE-2024-53156)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the htc_connect_service() function in drivers/net/wireless/ath/ath9k/htc_hst.c. A local user can perform a denial of service (DoS) attack.
42) NULL pointer dereference (CVE-ID: CVE-2024-53157)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scpi_dvfs_get_info() function in drivers/firmware/arm_scpi.c. A local user can perform a denial of service (DoS) attack.
43) Resource management error (CVE-ID: CVE-2024-53172)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the alloc_ai(), scan_fast() and ubi_attach() functions in drivers/mtd/ubi/attach.c. A local user can perform a denial of service (DoS) attack.
44) Use-after-free (CVE-ID: CVE-2024-53173)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfs4_open_release() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
45) Use-after-free (CVE-ID: CVE-2024-53179)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_get_sign_key(), smb2_find_smb_ses_unlocked(), smb2_calc_signature() and smb3_calc_signature() functions in fs/smb/client/smb2transport.c. A local user can escalate privileges on the system.
46) Memory leak (CVE-ID: CVE-2024-53198)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the xenbus_dev_probe() function in drivers/xen/xenbus/xenbus_probe.c. A local user can perform a denial of service (DoS) attack.
47) Memory leak (CVE-ID: CVE-2024-53210)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iucv_sock_recvmsg() function in net/iucv/af_iucv.c. A local user can perform a denial of service (DoS) attack.
48) Out-of-bounds read (CVE-ID: CVE-2024-53214)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.
49) NULL pointer dereference (CVE-ID: CVE-2024-53224)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_ib_dev_res_init(), mlx5_ib_stage_delay_drop_cleanup(), mlx5_ib_stage_dev_notifier_init() and STAGE_CREATE() functions in drivers/infiniband/hw/mlx5/main.c. A local user can perform a denial of service (DoS) attack.
50) Use-after-free (CVE-ID: CVE-2024-53239)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb6fire_chip_abort(), usb6fire_chip_destroy(), usb6fire_chip_probe() and usb6fire_chip_disconnect() functions in sound/usb/6fire/chip.c. A local user can escalate privileges on the system.
51) NULL pointer dereference (CVE-ID: CVE-2024-53240)
The vulnerability allows a remote backend to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the guest xen-netfront driver. A a malicious network backend can crash the guest OS.
52) Improper locking (CVE-ID: CVE-2024-56531)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_usb_caiaq_input_free() function in sound/usb/caiaq/input.c, within the setup_card(), init_card() and snd_disconnect() functions in sound/usb/caiaq/device.c, within the snd_usb_caiaq_audio_init() function in sound/usb/caiaq/audio.c. A local user can perform a denial of service (DoS) attack.
53) Use-after-free (CVE-ID: CVE-2024-56548)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfsplus_read_wrapper() function in fs/hfsplus/wrapper.c. A local user can escalate privileges on the system.
54) Use-after-free (CVE-ID: CVE-2024-56551)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_vce_sw_fini() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c, within the amdgpu_device_fini_sw() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can escalate privileges on the system.
55) NULL pointer dereference (CVE-ID: CVE-2024-56569)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ftrace_mod_callback() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
56) Input validation error (CVE-ID: CVE-2024-56570)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ovl_dentry_init_flags() function in fs/overlayfs/util.c. A local user can perform a denial of service (DoS) attack.
57) NULL pointer dereference (CVE-ID: CVE-2024-56587)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brightness_show() and max_brightness_show() functions in drivers/leds/led-class.c. A local user can perform a denial of service (DoS) attack.
58) NULL pointer dereference (CVE-ID: CVE-2024-56599)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath10k_sdio_remove() function in drivers/net/wireless/ath/ath10k/sdio.c. A local user can perform a denial of service (DoS) attack.
59) Security features bypass (CVE-ID: CVE-2024-5660)
The vulnerability allows a malicious guest to compromise the hypervisor.
The vulnerability exists due to incorrect memory address translation when Hardware Page Aggregation (HPA) is enabled and Stage-1 and/or Stage-2 translation is enabled for the active translation regime. A malicious guest can bypass Stage-2 translation and/or GPT protection and compromise the host in certain hypervisor environments.
60) Use-after-free (CVE-ID: CVE-2024-56603)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the can_create() function in net/can/af_can.c. A local user can escalate privileges on the system.
61) Use-after-free (CVE-ID: CVE-2024-56604)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rfcomm_sock_alloc() function in net/bluetooth/rfcomm/sock.c. A local user can escalate privileges on the system.
62) Use-after-free (CVE-ID: CVE-2024-56605)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_alloc() function in net/bluetooth/l2cap_sock.c. A local user can escalate privileges on the system.
63) Use-after-free (CVE-ID: CVE-2024-56606)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the packet_create() function in net/packet/af_packet.c. A local user can escalate privileges on the system.
64) Out-of-bounds read (CVE-ID: CVE-2024-56616)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drm_dp_decode_sideband_msg_hdr() function in drivers/gpu/drm/display/drm_dp_mst_topology.c. A local user can perform a denial of service (DoS) attack.
65) Use-after-free (CVE-ID: CVE-2024-56631)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sg_release() function in drivers/scsi/sg.c. A local user can escalate privileges on the system.
66) Use-after-free (CVE-ID: CVE-2024-56642)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bearer() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
67) Use-after-free (CVE-ID: CVE-2024-56664)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sock_map_lookup_sys() function in net/core/sock_map.c. A local user can escalate privileges on the system.
68) Double free (CVE-ID: CVE-2024-56704)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the xen_9pfs_front_free() function in net/9p/trans_xen.c. A local user can perform a denial of service (DoS) attack.
69) Resource management error (CVE-ID: CVE-2024-56724)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bxt_wcove_tmu_irq_handler() and bxt_wcove_tmu_probe() functions in drivers/platform/x86/intel/bxtwc_tmu.c, within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
70) Use-after-free (CVE-ID: CVE-2024-56756)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_free_host_mem(), __nvme_alloc_host_mem() and kfree() functions in drivers/nvme/host/pci.c. A local user can escalate privileges on the system.
71) Input validation error (CVE-ID: CVE-2024-57791)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the smc_clc_wait_msg() function in net/smc/smc_clc.c. A local user can perform a denial of service (DoS) attack.
72) Use-after-free (CVE-ID: CVE-2024-57849)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cpumsf_pmu_stop() function in arch/s390/kernel/perf_cpum_sf.c. A local user can escalate privileges on the system.
73) Use-after-free (CVE-ID: CVE-2024-57887)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the adv7533_parse_dt() function in drivers/gpu/drm/bridge/adv7511/adv7533.c, within the adv7511_probe(), i2c_unregister_device() and adv7511_remove() functions in drivers/gpu/drm/bridge/adv7511/adv7511_drv.c. A local user can escalate privileges on the system.
74) Buffer overflow (CVE-ID: CVE-2024-57888)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the workqueue_softirq_dead(), __flush_workqueue() and start_flush_work() functions in kernel/workqueue.c. A local user can perform a denial of service (DoS) attack.
75) Use-after-free (CVE-ID: CVE-2024-57892)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brelse() function in fs/ocfs2/quota_local.c, within the ocfs2_get_next_id() function in fs/ocfs2/quota_global.c. A local user can escalate privileges on the system.
76) Out-of-bounds read (CVE-ID: CVE-2024-57893)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DEFINE_SPINLOCK() and snd_seq_oss_synth_sysex() functions in sound/core/seq/oss/seq_oss_synth.c. A local user can perform a denial of service (DoS) attack.
77) Improper access control (CVE-ID: CVE-2024-8805)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the implementation of the HID over GATT Profile. A remote attacker on the local network can bypass implemented security restrictions and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.