SB2025032949 - Anolis OS update for kernel
Published: March 29, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 107 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2019-13631)
2) Out-of-bounds read (CVE-ID: CVE-2019-15505)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the drivers/media/usb/dvb-usb/technisat-usb2.c USB driver in Linux kernel. A local user can use a specially crafted USB device to trigger out-of-bounds read error during data transfer and read contents of memory on the system.
3) Use-after-free (CVE-ID: CVE-2019-25162)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the i2c_put_adapter() function in drivers/i2c/i2c-core-base.c. A local user can trigger a use-after-free error and crash the kernel.
4) Use-after-free (CVE-ID: CVE-2020-25656)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.
5) Memory leak (CVE-ID: CVE-2020-36777)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dvb_media_device_free() function in drivers/media/dvb-core/dvbdev.c. A local user can crash the system.
6) Out-of-bounds read (CVE-ID: CVE-2021-3753)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel. A local user can trigger out-of-bounds read error and read contents of memory on the system.
7) Out-of-bounds read (CVE-ID: CVE-2021-4204)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition in Linux kernel eBPF. A local user trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.
8) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2021-46934)
The vulnerability allows a local user to produce warnings from the userspace.
The vulnerability exists due to improper error handling within the compat_i2cdev_ioctl() function in drivers/i2c/i2c-dev.c. A local user can pass specially crafted data to the driver and influence its behavior.
9) Use-after-free (CVE-ID: CVE-2021-47013)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the emac_mac_tx_buf_send() function in drivers/net/ethernet/qualcomm/emac/emac-mac.c. A local user can escalate privileges on the system.
10) Improper locking (CVE-ID: CVE-2021-47055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtdchar_ioctl() function in drivers/mtd/mtdchar.c. A local user can perform a denial of service (DoS) attack.
11) Use-after-free (CVE-ID: CVE-2021-47118)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kernel_init_freeable() function in init/main.c. A local user can escalate privileges on the system.
12) Improper error handling (CVE-ID: CVE-2021-47153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the i801_check_post() function in drivers/i2c/busses/i2c-i801.c. A local user can perform a denial of service (DoS) attack.
13) Memory leak (CVE-ID: CVE-2021-47171)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_bind() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
14) Improper locking (CVE-ID: CVE-2021-47185)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.
15) Out-of-bounds write (CVE-ID: CVE-2022-0500)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in unrestricted eBPF usage by the BPF_BTF_LOAD in Linux kernel. A local user can trigger an out-of-bounds write error in BPF subsystem and execute arbitrary code with elevated privileges.
16) Security restrictions bypass (CVE-ID: CVE-2022-23222)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to availability of pointer arithmetic via certain *_OR_NULL pointer types in kernel/bpf/verifier.c in the Linux kernel. A local user can run a specially crafted program to execute arbitrary code with root privileges.
17) Buffer overflow (CVE-ID: CVE-2022-3565)
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the del_timer() function in drivers/isdn/mISDN/l1oip_core.c in the Bluetooth component. An attacker with physical proximity to device can trigger memory corruption and execute arbitrary code on the target system.
18) Integer overflow (CVE-ID: CVE-2022-45934)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the l2cap_config_req() function in net/bluetooth/l2cap_core.c in Linux kernel. A local user can pass specially crafted L2CAP_CONF_REQ packets to the device, trigger an integer overflow and execute arbitrary code with elevated privileges.
19) Resource exhaustion (CVE-ID: CVE-2022-48627)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
20) Memory leak (CVE-ID: CVE-2022-48669)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the arch/powerpc/platforms/pseries/papr_platform_attributes.c. A local user can perform a denial of service (DoS) attack.
21) Improper Initialization (CVE-ID: CVE-2023-1513)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.
22) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2023-24023)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to improper verification of cryptographic signature in bluetooth implementation. A remote attacker with physical proximity to the system can perform MitM attack and potentially compromise the system.
23) Improper access control (CVE-ID: CVE-2023-25775)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in the Intel Ethernet Controller RDMA driver for Linux. A remote non-authenticated attacker can bypass implemented security restrictions and gain access to sensitive information.
24) Double Free (CVE-ID: CVE-2023-28464)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the hci_conn_cleanup() function in net/bluetooth/hci_conn.c in Linux kernel. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
25) NULL pointer dereference (CVE-ID: CVE-2023-31083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hci_uart_tty_ioctl() function in drivers/bluetooth/hci_ldisc.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
26) Use-after-free (CVE-ID: CVE-2023-3567)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vc_screen() function in vcs_read in drivers/tty/vt/vc_screen.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
27) Out-of-bounds read (CVE-ID: CVE-2023-37453)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the read_descriptors() function in drivers/usb/core/sysfs.c. An attacker with physical access to the system can attach a malicious USB device, trigger an out-of-bounds read error and crash the kernel.
28) Buffer overflow (CVE-ID: CVE-2023-38409)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the set_con2fb_map() function in drivers/video/fbdev/core/fbcon.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
29) Out-of-bounds read (CVE-ID: CVE-2023-39189)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the nfnl_osf_add_callback() function in Linux kernel Netfilter. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
30) Out-of-bounds read (CVE-ID: CVE-2023-39192)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.
31) Out-of-bounds read (CVE-ID: CVE-2023-39193)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sctp_mt_check() function in Netfilter subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
32) Out-of-bounds read (CVE-ID: CVE-2023-39194)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
33) Use-after-free (CVE-ID: CVE-2023-39198)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the QXL driver in the Linux kernel. A local privileged user can trigger a use-after-free error and escalate privileges on the system.
34) Use-after-free (CVE-ID: CVE-2023-4133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cxgb4 driver in the Linux kernel. A local user can trigger a use-after-free and crash the kernel.
35) Use-after-free (CVE-ID: CVE-2023-4244)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
36) NULL pointer dereference (CVE-ID: CVE-2023-42754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.
37) Out-of-bounds read (CVE-ID: CVE-2023-42755)
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the the IPv4 Resource Reservation Protocol (RSVP) classifier function in the Linux kernel. A local user can trigger an out-of-bounds read error and crash the Linux kernel.
38) Out-of-bounds write (CVE-ID: CVE-2023-45863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the fill_kobj_path() function in lib/kobject.c. A local user can can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
39) Use-after-free (CVE-ID: CVE-2023-51779)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error when handling bt_sock_ioctl in the Bluetooth subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.
40) Race condition (CVE-ID: CVE-2023-51780)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the ATM (Asynchronous Transfer Mode) subsystem in Linux kernel. A local user can exploit the race and escalate privileges on the system.
41) Resource exhaustion (CVE-ID: CVE-2023-52340)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing very large ICMPv6 packets. A remote attacker can send a flood of IPv6 ICMP6 PTB messages, cause the high lock contention and increased CPU usage, leading to a denial of service.
Successful vulnerability exploitation requires a attacker to be on the local network or have a high bandwidth connection.
42) Buffer overflow (CVE-ID: CVE-2023-52434)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
43) Use-after-free (CVE-ID: CVE-2023-52439)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uio_open() function in drivers/uio/uio.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
44) Use-after-free (CVE-ID: CVE-2023-52445)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.
45) NULL pointer dereference (CVE-ID: CVE-2023-52448)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in gfs2_rgrp_dump() function. A local user can perform a denial of service (DoS) attack.
46) Use of uninitialized resource (CVE-ID: CVE-2023-52477)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
47) Race condition (CVE-ID: CVE-2023-52489)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the section_deactivate() function in mm/sparse.c. A local user can exploit the race and escalate privileges on the system.
48) NULL pointer dereference (CVE-ID: CVE-2023-52513)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the siw_accept_newconn(), siw_cm_work_handler() and siw_cm_llp_data_ready() functions in drivers/infiniband/sw/siw/siw_cm.c. A local user can perform a denial of service (DoS) attack.
49) Memory leak (CVE-ID: CVE-2023-52520)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tlmi_release_attr() and tlmi_sysfs_init() functions in drivers/platform/x86/think-lmi.c. A local user can perform a denial of service (DoS) attack.
50) Use of uninitialized resource (CVE-ID: CVE-2023-52528)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
51) Out-of-bounds read (CVE-ID: CVE-2023-52565)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the uvc_query_v4l2_menu() function in drivers/media/usb/uvc/uvc_ctrl.c. A local user can perform a denial of service (DoS) attack.
52) NULL pointer dereference (CVE-ID: CVE-2023-52574)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.
53) Race condition (CVE-ID: CVE-2023-52578)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a data race within the br_handle_frame_finish() function in net/bridge/br_input.c. A local user can exploit the race and perform a denial of service (DoS) attack.
54) Reachable Assertion (CVE-ID: CVE-2023-52580)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in net/core/flow_dissector.c. A remote attacker on the local network can send specially crafted PTP ethernet frames to the system and perform a denial of service (DoS) attack.
55) Memory leak (CVE-ID: CVE-2023-52581)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the nft_trans_gc_space() function in net/netfilter/nf_tables_api.c. A local user can force the system to leak memory and perform denial of service attack.
56) Out-of-bounds read (CVE-ID: CVE-2023-52594)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
57) Improper locking (CVE-ID: CVE-2023-52595)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
58) Security features bypass (CVE-ID: CVE-2023-52597)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.
59) Resource management error (CVE-ID: CVE-2023-52598)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
60) Buffer overflow (CVE-ID: CVE-2023-52606)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
61) NULL pointer dereference (CVE-ID: CVE-2023-52607)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
62) Memory leak (CVE-ID: CVE-2023-52610)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.
63) Improper access control (CVE-ID: CVE-2023-52620)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.
64) Out-of-bounds read (CVE-ID: CVE-2023-6121)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the NVMe-oF/TCP subsystem in the Linux kernel. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory.
65) NULL pointer dereference (CVE-ID: CVE-2023-6176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel API for the cryptographic algorithm scatterwalk functionality in scatterwalk_copychunks(). A local user can send a malicious packet with specific socket configuration and crash the OS kernel.
66) Observable discrepancy (CVE-ID: CVE-2023-6240)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a timing discrepancy when handling RSA based TLS key exchanges. A remote attacker can perform a Marvin attack and gain access to sensitive information.67) NULL pointer dereference (CVE-ID: CVE-2023-6622)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nft_dynset_init() function in net/netfilter/nft_dynset.c in nf_tables. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
68) NULL pointer dereference (CVE-ID: CVE-2023-6915)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ida_free() function in lib/idr.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
69) Use-after-free (CVE-ID: CVE-2023-6932)
The vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to a use-after-free error within the ipv4 igmp component in Linux kernel. A local authenticated user can trigger a use-after-free error and execute arbitrary code.
70) Improper Initialization (CVE-ID: CVE-2024-0340)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization within the vhost_new_msg() function in drivers/vhost/vhost.c in the Linux kernel vhost driver. A local user can run a specially crafted application to gain access to sensitive kernel information.
71) NULL pointer dereference (CVE-ID: CVE-2024-0841)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.
72) Integer overflow (CVE-ID: CVE-2024-23307)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
73) Code Injection (CVE-ID: CVE-2024-25742)
The vulnerability allows a malicious hypervisor to escalate privileges on the system.
The vulnerability exists due to improper input validation when handling interrupts. A malicious hypervisor can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the value stored in EAX while a SEV VM is running.
74) Code Injection (CVE-ID: CVE-2024-25743)
The vulnerability allows a malicious hypervisor to escalate privileges on the system.
The vulnerability exists due to improper input validation when handling interrupts. A malicious hypervisor can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the value stored in EAX while a SEV VM is running.
75) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-25744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to missing access restrictions related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. An untrusted VMM can trigger int80 syscall handling at any given point and perform a denial of service (DoS) attack.
76) Out-of-bounds read (CVE-ID: CVE-2024-26593)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the i801_block_transaction_by_block() function in drivers/i2c/busses/i2c-i801.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
77) Resource exhaustion (CVE-ID: CVE-2024-26602)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
78) Infinite loop (CVE-ID: CVE-2024-26603)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in arch/x86/kernel/fpu/signal.c. A local user can consume all available system resources and cause denial of service conditions.
79) Input validation error (CVE-ID: CVE-2024-26609)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to QUEUE/DROP verdict parameters are rejected within the nft_verdict_init() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
80) Buffer overflow (CVE-ID: CVE-2024-26610)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
81) NULL pointer dereference (CVE-ID: CVE-2024-26615)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.
82) Improper access control (CVE-ID: CVE-2024-26642)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
83) Race condition (CVE-ID: CVE-2024-26643)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nf_tables_unbind_set() function in net/netfilter/nf_tables_api.c. A local user can exploit the race and escalate privileges on the system.
84) Buffer overflow (CVE-ID: CVE-2024-26659)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
85) Out-of-bounds read (CVE-ID: CVE-2024-26664)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the create_core_data() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
86) Buffer overflow (CVE-ID: CVE-2024-26671)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
87) Improper Initialization (CVE-ID: CVE-2024-26693)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the iwl_mvm_is_dup() function in drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c, within the iwl_mvm_sta_state_notexist_to_none() function in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.
88) Double free (CVE-ID: CVE-2024-26694)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the iwl_dealloc_ucode() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can perform a denial of service (DoS) attack.
89) Improper locking (CVE-ID: CVE-2024-26743)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.
90) NULL pointer dereference (CVE-ID: CVE-2024-26744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.
91) Race condition (CVE-ID: CVE-2024-26779)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the ieee80211_check_fast_xmit() function in net/mac80211/tx.c, within the sta_info_insert_finish() function in net/mac80211/sta_info.c. A local user can escalate privileges on the system.
92) Use-after-free (CVE-ID: CVE-2024-26872)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.
93) Use-after-free (CVE-ID: CVE-2024-26892)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mt792x_irq_handler() function in drivers/net/wireless/mediatek/mt76/mt792x_dma.c, within the mt7921_pci_remove() function in drivers/net/wireless/mediatek/mt76/mt7921/pci.c. A local user can escalate privileges on the system.
94) NULL pointer dereference (CVE-ID: CVE-2024-26897)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.
95) Information disclosure (CVE-ID: CVE-2024-26901)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
96) Memory leak (CVE-ID: CVE-2024-26919)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ulpi_register() function in drivers/usb/common/ulpi.c. A local user can perform a denial of service (DoS) attack.
97) Improper locking (CVE-ID: CVE-2024-26933)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the disable_show() and disable_store() functions in drivers/usb/core/port.c. A local user can execute arbitrary code.
98) Improper locking (CVE-ID: CVE-2024-26934)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
99) NULL pointer dereference (CVE-ID: CVE-2024-26964)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_map_temp_buffer() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
100) Information disclosure (CVE-ID: CVE-2024-26973)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.
101) Information disclosure (CVE-ID: CVE-2024-26993)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
102) Improper locking (CVE-ID: CVE-2024-27014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
103) NULL pointer dereference (CVE-ID: CVE-2024-27048)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_pmksa_v3_op() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.
104) Use-after-free (CVE-ID: CVE-2024-27052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.
105) Resource management error (CVE-ID: CVE-2024-27056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_mvm_sta_ensure_queue() function in drivers/net/wireless/intel/iwlwifi/mvm/sta.c, within the __iwl_mvm_suspend() function in drivers/net/wireless/intel/iwlwifi/mvm/d3.c. A local user can perform a denial of service (DoS) attack.
106) Division by zero (CVE-ID: CVE-2024-27059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
107) Buffer overflow (CVE-ID: CVE-2022-48947)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the l2cap_config_req() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.