SB2024070493 - Information disclosure in Linux kernel
Published: July 4, 2024
Security Bulletin ID
SB2024070493
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-35996)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to speculative execution in kernel/cpu.c. A local user can gain access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/af6d6a923b40bf6471e44067ac61cc5814b48e7f
- https://git.kernel.org/stable/c/36b32816fbab267611f073223f1b0b816ec5920f
- https://git.kernel.org/stable/c/38f17d1fbb5bfb56ca1419e2d06376d57a9396f9
- https://git.kernel.org/stable/c/8292f4f8dd1b005d0688d726261004f816ef730a
- https://git.kernel.org/stable/c/fd8547ebc187037cc69441a15c1441aeaab80f49
- https://git.kernel.org/stable/c/fe42754b94a42d08cf9501790afc25c4f6a5f631
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html