ISHACK AI BOT

Ubuntu: (Multiple Advisories) (CVE-2024-42118): Linux kernel kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/30/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not return negative stream id for array [WHY] resource_stream_to_stream_idx returns an array index and it return -1 when not found; however, -1 is not a valid array index number. [HOW] When this happens, call ASSERT(), and return a zero instead. This fixes an OVERRUN and an NEGATIVE_RETURNS issues reported by Coverity. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-42118 CVE - 2024-42118 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Rocky Linux: CVE-2024-42102: kernel (RLSA-2024-6567) Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 07/30/2024 Created 09/18/2024 Added 09/17/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits.This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways.Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this).Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs.We have div64_ul() in case we want to be safe & cheap.Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-devel-matched rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-core rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debug-uki-virt rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-devel rocky-upgrade-kernel-devel-matched rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-core rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-core rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-core rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-kernel-uki-virt rocky-upgrade-kernel-zfcpdump rocky-upgrade-kernel-zfcpdump-core rocky-upgrade-kernel-zfcpdump-debuginfo rocky-upgrade-kernel-zfcpdump-devel rocky-upgrade-kernel-zfcpdump-devel-matched rocky-upgrade-kernel-zfcpdump-modules rocky-upgrade-kernel-zfcpdump-modules-core rocky-upgrade-kernel-zfcpdump-modules-extra rocky-upgrade-libperf rocky-upgrade-libperf-debuginfo rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo rocky-upgrade-rtla rocky-upgrade-rv References https://attackerkb.com/topics/cve-2024-42102 CVE - 2024-42102 https://errata.rockylinux.org/RLSA-2024:6567

Ubuntu: (Multiple Advisories) (CVE-2024-42104): Linux kernel vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/30/2024 Created 09/14/2024 Added 09/13/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file inodes, which triggers a kernel bug in lru_add_fn(). As Jan Kara pointed out, this is because the link count of a metadata file gets corrupted to 0, and nilfs_evict_inode(), which is called from iput(), tries to delete that inode (ifile inode in this case). The inconsistency occurs because directories containing the inode numbers of these metadata files that should not be visible in the namespace are read without checking. Fix this issue by treating the inode numbers of these internal files as errors in the sanity check helper when reading directory folios/pages. Also thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer analysis. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1137-oracle ubuntu-upgrade-linux-image-4-15-0-1158-kvm ubuntu-upgrade-linux-image-4-15-0-1168-gcp ubuntu-upgrade-linux-image-4-15-0-1175-aws ubuntu-upgrade-linux-image-4-15-0-1183-azure ubuntu-upgrade-linux-image-4-15-0-231-generic ubuntu-upgrade-linux-image-4-15-0-231-lowlatency ubuntu-upgrade-linux-image-4-4-0-1138-aws ubuntu-upgrade-linux-image-4-4-0-1139-kvm ubuntu-upgrade-linux-image-4-4-0-1176-aws ubuntu-upgrade-linux-image-4-4-0-261-generic ubuntu-upgrade-linux-image-4-4-0-261-lowlatency ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1052-gkeop ubuntu-upgrade-linux-image-5-15-0-1062-ibm ubuntu-upgrade-linux-image-5-15-0-1062-raspi ubuntu-upgrade-linux-image-5-15-0-1064-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1064-nvidia ubuntu-upgrade-linux-image-5-15-0-1064-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1066-gke ubuntu-upgrade-linux-image-5-15-0-1066-kvm ubuntu-upgrade-linux-image-5-15-0-1067-oracle ubuntu-upgrade-linux-image-5-15-0-1068-gcp ubuntu-upgrade-linux-image-5-15-0-1069-aws ubuntu-upgrade-linux-image-5-15-0-1072-azure ubuntu-upgrade-linux-image-5-15-0-1072-azure-fde ubuntu-upgrade-linux-image-5-15-0-121-generic ubuntu-upgrade-linux-image-5-15-0-121-generic-64k ubuntu-upgrade-linux-image-5-15-0-121-generic-lpae ubuntu-upgrade-linux-image-5-15-0-121-lowlatency ubuntu-upgrade-linux-image-5-15-0-121-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1043-iot ubuntu-upgrade-linux-image-5-4-0-1051-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1079-ibm ubuntu-upgrade-linux-image-5-4-0-1092-bluefield ubuntu-upgrade-linux-image-5-4-0-1099-gkeop ubuntu-upgrade-linux-image-5-4-0-1116-raspi ubuntu-upgrade-linux-image-5-4-0-1120-kvm ubuntu-upgrade-linux-image-5-4-0-1131-oracle ubuntu-upgrade-linux-image-5-4-0-1132-aws ubuntu-upgrade-linux-image-5-4-0-1136-gcp ubuntu-upgrade-linux-image-5-4-0-1137-azure ubuntu-upgrade-linux-image-5-4-0-195-generic ubuntu-upgrade-linux-image-5-4-0-195-generic-lpae ubuntu-upgrade-linux-image-5-4-0-195-lowlatency ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-raspi2-hwe-18-04 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-42104 CVE - 2024-42104 USN-7003-1 USN-7003-2 USN-7003-3 USN-7003-4 USN-7003-5 USN-7006-1 USN-7007-1 USN-7007-2 USN-7007-3 USN-7009-1 USN-7009-2 USN-7019-1 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7121-1 USN-7121-2 USN-7121-3 USN-7148-1 USN-7156-1 View more

Ubuntu: (Multiple Advisories) (CVE-2024-42117): Linux kernel kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/30/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: ASSERT when failing to find index by plane/stream id [WHY] find_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns an array index and they return -1 when not found; however, -1 is not a valid index number. [HOW] When this happens, call ASSERT(), and return a positive number (which is fewer than callers' array size) instead. This fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-42117 CVE - 2024-42117 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Ubuntu: (Multiple Advisories) (CVE-2024-42112): Linux kernel kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/30/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still being handled in the device remove routine, before free IRQs. So isb memory is still read after it is freed. Thus move wx_free_isb_resources() from txgbe_close() to txgbe_remove(). And fix the improper isb free action in txgbe_open() error handling path. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-42112 CVE - 2024-42112 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Ubuntu: (Multiple Advisories) (CVE-2024-42103): Linux kernel kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/30/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from the reclaim list and it is on a relocation work, it can be added into the unused list in parallel. When that happens, adding it to the reclaim list will corrupt the list head and trigger list corruption like below. Fix it by taking fs_info->unused_bgs_lock. [177.504][T2585409] BTRFS error (device nullb1): error relocating ch= unk 2415919104 [177.514][T2585409] list_del corruption. next->prev should be ff1100= 0344b119c0, but was ff11000377e87c70. (next=3Dff110002390cd9c0) [177.529][T2585409] ------------[ cut here ]------------ [177.537][T2585409] kernel BUG at lib/list_debug.c:65! [177.545][T2585409] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [177.555][T2585409] CPU: 9 PID: 2585409 Comm: kworker/u128:2 Tainted: GW6.10.0-rc5-kts #1 [177.568][T2585409] Hardware name: Supermicro SYS-520P-WTR/X12SPW-TF, BIOS 1.2 02/14/2022 [177.579][T2585409] Workqueue: events_unbound btrfs_reclaim_bgs_work[btrfs] [177.589][T2585409] RIP: 0010:__list_del_entry_valid_or_report.cold+0x70/0x72 [177.624][T2585409] RSP: 0018:ff11000377e87a70 EFLAGS: 00010286 [177.633][T2585409] RAX: 000000000000006d RBX: ff11000344b119c0 RCX:0000000000000000 [177.644][T2585409] RDX: 000000000000006d RSI: 0000000000000008 RDI:ffe21c006efd0f40 [177.655][T2585409] RBP: ff110002e0509f78 R08: 0000000000000001 R09:ffe21c006efd0f08 [177.665][T2585409] R10: ff11000377e87847 R11: 0000000000000000 R12:ff110002390cd9c0 [177.676][T2585409] R13: ff11000344b119c0 R14: ff110002e0508000 R15:dffffc0000000000 [177.687][T2585409] FS:0000000000000000(0000) GS:ff11000fec880000(0000) knlGS:0000000000000000 [177.700][T2585409] CS:0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [177.709][T2585409] CR2: 00007f06bc7b1978 CR3: 0000001021e86005 CR4:0000000000771ef0 [177.720][T2585409] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000 [177.731][T2585409] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400 [177.742][T2585409] PKRU: 55555554 [177.748][T2585409] Call Trace: [177.753][T2585409]<TASK> [177.759][T2585409]? __die_body.cold+0x19/0x27 [177.766][T2585409]? die+0x2e/0x50 [177.772][T2585409]? do_trap+0x1ea/0x2d0 [177.779][T2585409]? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.788][T2585409]? do_error_trap+0xa3/0x160 [177.795][T2585409]? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.805][T2585409]? handle_invalid_op+0x2c/0x40 [177.812][T2585409]? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.820][T2585409]? exc_invalid_op+0x2d/0x40 [177.827][T2585409]? asm_exc_invalid_op+0x1a/0x20 [177.834][T2585409]? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.843][T2585409]btrfs_delete_unused_bgs+0x3d9/0x14c0 [btrfs] There is a similar retry_list code in btrfs_delete_unused_bgs(), but it is safe, AFAICS. Since the block group was in the unused list, the used bytes should be 0 when it was added to the unused list. Then, it checks block_group->{used,reserved,pinned} are still 0 under the block_group->lock. So, they should be still eligible for the unused list, not the reclaim list. The reason it is safe there it's because because we're holding space_info->groups_sem in write mode. That means no other task can allocate from the block group, so while we are at deleted_unused_bgs() it's not possible for other tasks to allocate and deallocate extents from the block group, so it can't be added to the unused list or the reclaim list by anyone else. The bug can be reproduced by btrfs/166 after a few rounds. In practice this can be hit when relocation cannot find more chunk space and ends with ENOSPC. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-42103 CVE - 2024-42103 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Ubuntu: (Multiple Advisories) (CVE-2024-42102): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 07/30/2024 Created 09/14/2024 Added 09/13/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits.This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways.Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this).Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs.We have div64_ul() in case we want to be safe & cheap.Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1052-gkeop ubuntu-upgrade-linux-image-5-15-0-1062-ibm ubuntu-upgrade-linux-image-5-15-0-1062-raspi ubuntu-upgrade-linux-image-5-15-0-1064-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1064-nvidia ubuntu-upgrade-linux-image-5-15-0-1064-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1066-gke ubuntu-upgrade-linux-image-5-15-0-1066-kvm ubuntu-upgrade-linux-image-5-15-0-1067-oracle ubuntu-upgrade-linux-image-5-15-0-1068-gcp ubuntu-upgrade-linux-image-5-15-0-1069-aws ubuntu-upgrade-linux-image-5-15-0-1072-azure ubuntu-upgrade-linux-image-5-15-0-1072-azure-fde ubuntu-upgrade-linux-image-5-15-0-121-generic ubuntu-upgrade-linux-image-5-15-0-121-generic-64k ubuntu-upgrade-linux-image-5-15-0-121-generic-lpae ubuntu-upgrade-linux-image-5-15-0-121-lowlatency ubuntu-upgrade-linux-image-5-15-0-121-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1043-iot ubuntu-upgrade-linux-image-5-4-0-1051-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1079-ibm ubuntu-upgrade-linux-image-5-4-0-1092-bluefield ubuntu-upgrade-linux-image-5-4-0-1099-gkeop ubuntu-upgrade-linux-image-5-4-0-1116-raspi ubuntu-upgrade-linux-image-5-4-0-1120-kvm ubuntu-upgrade-linux-image-5-4-0-1131-oracle ubuntu-upgrade-linux-image-5-4-0-1132-aws ubuntu-upgrade-linux-image-5-4-0-1136-gcp ubuntu-upgrade-linux-image-5-4-0-1137-azure ubuntu-upgrade-linux-image-5-4-0-195-generic ubuntu-upgrade-linux-image-5-4-0-195-generic-lpae ubuntu-upgrade-linux-image-5-4-0-195-lowlatency ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-raspi2-hwe-18-04 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-42102 CVE - 2024-42102 USN-7003-1 USN-7003-2 USN-7003-3 USN-7003-4 USN-7003-5 USN-7006-1 USN-7007-1 USN-7007-2 USN-7007-3 USN-7009-1 USN-7009-2 USN-7019-1 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Debian: CVE-2022-48853: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 07/30/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1) The test case issues a command code 00 (TEST UNIT READY) via the SG_IO interface with: dxfer_len == 524288, dxdfer_dir == SG_DXFER_FROM_DEV and a corresponding dxferp. The peculiar thing about this is that TUR is not reading from the device. 2) In sg_start_req() the invocation of blk_rq_map_user() effectively bounces the user-space buffer. As if the device was to transfer into it. Since commit a45b599ad808 ("scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()") we make sure this first bounce buffer is allocated with GFP_ZERO. 3) For the rest of the story we keep ignoring that we have a TUR, so the device won't touch the buffer we prepare as if the we had a DMA_FROM_DEVICE type of situation. My setup uses a virtio-scsi device and thebuffer allocated by SG is mapped by the function virtqueue_add_split() which uses DMA_FROM_DEVICE for the "in" sgs (here scatter-gather and not scsi generics). This mapping involves bouncing via the swiotlb (we need swiotlb to do virtio in protected guest like s390 Secure Execution, or AMD SEV). 4) When the SCSI TUR is done, we first copy back the content of the second (that is swiotlb) bounce buffer (which most likely contains some previous IO data), to the first bounce buffer, which contains all zeros.Then we copy back the content of the first bounce buffer to the user-space buffer. 5) The test case detects that the buffer, which it zero-initialized, ain't all zeros and fails. One can argue that this is an swiotlb problem, because without swiotlb we leak all zeros, and the swiotlb should be transparent in a sense that it does not affect the outcome (if all other participants are well behaved). Copying the content of the original buffer into the swiotlb buffer is the only way I can think of to make swiotlb transparent in such scenarios. So let's do just that if in doubt, but allow the driver to tell us that the whole mapped buffer is going to be overwritten, in which case we can preserve the old behavior and avoid the performance impact of the extra bounce. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-48853 CVE - 2022-48853

Debian: CVE-2024-42131: linux, linux-6.1 -- security update Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 07/30/2024 Created 08/08/2024 Added 08/07/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits).If limits end up being larger, we will hit overflows, possible divisions by 0 etc.Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway.For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits.For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc.So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-42131 CVE - 2024-42131 DSA-5747-1

Debian: CVE-2020-25720: samba -- security update Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 07/30/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks. Solution(s) debian-upgrade-samba References https://attackerkb.com/topics/cve-2020-25720 CVE - 2020-25720

VMware Photon OS: CVE-2024-42103 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/30/2024 Created 01/21/2025 Added 01/20/2025 Modified 01/20/2025 Description In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from the reclaim list and it is on a relocation work, it can be added into the unused list in parallel. When that happens, adding it to the reclaim list will corrupt the list head and trigger list corruption like below. Fix it by taking fs_info->unused_bgs_lock. [177.504][T2585409] BTRFS error (device nullb1): error relocating ch= unk 2415919104 [177.514][T2585409] list_del corruption. next->prev should be ff1100= 0344b119c0, but was ff11000377e87c70. (next=3Dff110002390cd9c0) [177.529][T2585409] ------------[ cut here ]------------ [177.537][T2585409] kernel BUG at lib/list_debug.c:65! [177.545][T2585409] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [177.555][T2585409] CPU: 9 PID: 2585409 Comm: kworker/u128:2 Tainted: GW6.10.0-rc5-kts #1 [177.568][T2585409] Hardware name: Supermicro SYS-520P-WTR/X12SPW-TF, BIOS 1.2 02/14/2022 [177.579][T2585409] Workqueue: events_unbound btrfs_reclaim_bgs_work[btrfs] [177.589][T2585409] RIP: 0010:__list_del_entry_valid_or_report.cold+0x70/0x72 [177.624][T2585409] RSP: 0018:ff11000377e87a70 EFLAGS: 00010286 [177.633][T2585409] RAX: 000000000000006d RBX: ff11000344b119c0 RCX:0000000000000000 [177.644][T2585409] RDX: 000000000000006d RSI: 0000000000000008 RDI:ffe21c006efd0f40 [177.655][T2585409] RBP: ff110002e0509f78 R08: 0000000000000001 R09:ffe21c006efd0f08 [177.665][T2585409] R10: ff11000377e87847 R11: 0000000000000000 R12:ff110002390cd9c0 [177.676][T2585409] R13: ff11000344b119c0 R14: ff110002e0508000 R15:dffffc0000000000 [177.687][T2585409] FS:0000000000000000(0000) GS:ff11000fec880000(0000) knlGS:0000000000000000 [177.700][T2585409] CS:0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [177.709][T2585409] CR2: 00007f06bc7b1978 CR3: 0000001021e86005 CR4:0000000000771ef0 [177.720][T2585409] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000 [177.731][T2585409] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400 [177.742][T2585409] PKRU: 55555554 [177.748][T2585409] Call Trace: [177.753][T2585409]<TASK> [177.759][T2585409]? __die_body.cold+0x19/0x27 [177.766][T2585409]? die+0x2e/0x50 [177.772][T2585409]? do_trap+0x1ea/0x2d0 [177.779][T2585409]? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.788][T2585409]? do_error_trap+0xa3/0x160 [177.795][T2585409]? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.805][T2585409]? handle_invalid_op+0x2c/0x40 [177.812][T2585409]? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.820][T2585409]? exc_invalid_op+0x2d/0x40 [177.827][T2585409]? asm_exc_invalid_op+0x1a/0x20 [177.834][T2585409]? __list_del_entry_valid_or_report.cold+0x70/0x72 [177.843][T2585409]btrfs_delete_unused_bgs+0x3d9/0x14c0 [btrfs] There is a similar retry_list code in btrfs_delete_unused_bgs(), but it is safe, AFAICS. Since the block group was in the unused list, the used bytes should be 0 when it was added to the unused list. Then, it checks block_group->{used,reserved,pinned} are still 0 under the block_group->lock. So, they should be still eligible for the unused list, not the reclaim list. The reason it is safe there it's because because we're holding space_info->groups_sem in write mode. That means no other task can allocate from the block group, so while we are at deleted_unused_bgs() it's not possible for other tasks to allocate and deallocate extents from the block group, so it can't be added to the unused list or the reclaim list by anyone else. The bug can be reproduced by btrfs/166 after a few rounds. In practice this can be hit when relocation cannot find more chunk space and ends with ENOSPC. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-42103 CVE - 2024-42103

Debian: CVE-2014-9586: binpac -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/30/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description Debian: CVE-2014-9586: binpac -- security update Solution(s) debian-upgrade-binpac References https://attackerkb.com/topics/cve-2014-9586 CVE - 2014-9586

IBM AIX: openssl_advisory42 (CVE-2024-4741): Vulnerabilities in OpenSSL affect AIX Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 07/30/2024 Created 07/31/2024 Added 07/31/2024 Modified 11/15/2024 Description Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Solution(s) ibm-aix-openssl_advisory42 References https://attackerkb.com/topics/cve-2024-4741 CVE - 2024-4741 https://aix.software.ibm.com/aix/efixes/security/openssl_advisory42.asc

Ubuntu: (Multiple Advisories) (CVE-2023-52888): Linux kernel kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/30/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn't do the check and triggered warnings in practice. We believe those checks were forgotten unintentionally. Add the checks back to fix the warnings. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2023-52888 CVE - 2023-52888 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Huawei EulerOS: CVE-2024-42148: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/30/2024 Created 11/12/2024 Added 11/11/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equal to FP_SB_MAX_E1x using the num_queues module parameter. Currently there is a read/write out of bounds that occurs on the array "struct stats_query_entry query" present inside the "bnx2x_fw_stats_req" struct in "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h". Looking at the definition of the "struct stats_query_entry query" array: struct stats_query_entry query[FP_SB_MAX_E1x+ BNX2X_FIRST_QUEUE_QUERY_IDX]; FP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and has a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3 meaning the array has a total size of 19. Since accesses to "struct stats_query_entry query" are offset-ted by BNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet queues should not exceed FP_SB_MAX_E1x (16). However one of these queues is reserved for FCOE and thus the number of Ethernet queues should be set to [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if it is not. This is also described in a comment in the source code in drivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition of FP_SB_MAX_E1x. Below is the part of this explanation that it important for this patch /* * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is * control by the number of fast-path status blocks supported by the * device (HW/FW). Each fast-path status block (FP-SB) aka non-default * status block represents an independent interrupts context that can * serve a regular L2 networking queue. However special L2 queues such * as the FCoE queue do not require a FP-SB and other components like * the CNIC may consume FP-SB reducing the number of possible L2 queues * * If the maximum number of FP-SB available is X then: * a. If CNIC is supported it consumes 1 FP-SB thus the max number of *regular L2 queues is Y=X-1 * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor) * c. If the FCoE L2 queue is supported the actual number of L2 queues *is Y+1 * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for *slow-path interrupts) or Y+2 if CNIC is supported (one additional *FP interrupt context for the CNIC). * e. The number of HW context (CID count) is always X or X+1 if FCoE *L2 queue is supported. The cid for the FCoE L2 queue is always X. */ However this driver also supports NICs that use the E2 controller which can handle more queues due to having more FP-SB represented by FP_SB_MAX_E2. Looking at the commits when the E2 support was added, it was originally using the E1x parameters: commit f2e0899f0f27 ("bnx2x: Add 57712 support"). Back then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver was later updated to take full advantage of the E2 instead of having it be limited to the capabilities of the E1x. But as far as we can tell, the array "stats_query_entry query" was still limited to using the FP-SB available to the E1x cards as part of an oversignt when the driver was updated to take full advantage of the E2, and now with the driver being aware of the greater queue size supported by E2 NICs, it causes the UBSAN warnings seen in the stack traces below. This patch increases the size of the "stats_query_entry query" array by replacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle both types of NICs. Stack traces: UBSAN: array-index-out-of-bounds in drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11 index 20 is out of range for type 'stats_query_entry [19]' CPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic #202405052133 Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360 ---truncated--- Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-42148 CVE - 2024-42148 EulerOS-SA-2024-2907

Debian: CVE-2022-48864: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/30/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command When control vq receives a VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command request from the driver, presently there is no validation against the number of queue pairs to configure, or even if multiqueue had been negotiated or not is unverified. This may lead to kernel panic due to uninitialized resource for the queues were there any bogus request sent down by untrusted driver. Tie up the loose ends there. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-48864 CVE - 2022-48864

Debian: CVE-2022-48801: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/30/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/31/2024 Description In the Linux kernel, the following vulnerability has been resolved: iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL If we fail to copy the just created file descriptor to userland, we try to clean up by putting back 'fd' and freeing 'ib'. The code uses put_unused_fd() for the former which is wrong, as the file descriptor was already published by fd_install() which gets called internally by anon_inode_getfd(). This makes the error handling code leaving a half cleaned up file descriptor table around and a partially destructed 'file' object, allowing userland to play use-after-free tricks on us, by abusing the still usable fd and making the code operate on a dangling 'file->private_data' pointer. Instead of leaving the kernel in a partially corrupted state, don't attempt to explicitly clean up and leave this to the process exit path that'll release any still valid fds, including the one created by the previous call to anon_inode_getfd(). Simply return -EFAULT to indicate the error. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-48801 CVE - 2022-48801

Ubuntu: (Multiple Advisories) (CVE-2024-42140): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/30/2024 Created 09/17/2024 Added 09/16/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function. Unlike arm64, riscv only requires irq_eoi handler to complete EOI and keeping irq_set_irqchip_state() will only leave this possible deadlock without any use. So we simply remove it. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1052-gkeop ubuntu-upgrade-linux-image-5-15-0-1062-ibm ubuntu-upgrade-linux-image-5-15-0-1062-raspi ubuntu-upgrade-linux-image-5-15-0-1064-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1064-nvidia ubuntu-upgrade-linux-image-5-15-0-1064-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1066-gke ubuntu-upgrade-linux-image-5-15-0-1066-kvm ubuntu-upgrade-linux-image-5-15-0-1067-oracle ubuntu-upgrade-linux-image-5-15-0-1068-gcp ubuntu-upgrade-linux-image-5-15-0-1069-aws ubuntu-upgrade-linux-image-5-15-0-1072-azure ubuntu-upgrade-linux-image-5-15-0-1072-azure-fde ubuntu-upgrade-linux-image-5-15-0-121-generic ubuntu-upgrade-linux-image-5-15-0-121-generic-64k ubuntu-upgrade-linux-image-5-15-0-121-generic-lpae ubuntu-upgrade-linux-image-5-15-0-121-lowlatency ubuntu-upgrade-linux-image-5-15-0-121-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-42140 CVE - 2024-42140 USN-7007-1 USN-7007-2 USN-7007-3 USN-7009-1 USN-7009-2 USN-7019-1 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Huawei EulerOS: CVE-2024-42145: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/30/2024 Created 11/12/2024 Added 11/11/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such as OpenSM processing, which can handle approximately 100k packets per second, and the 1-second retry timeout for most packets, we set the list size limit to 200k. Packets received beyond this limit are dropped, assuming they are likely timed out by the time they are handled by user-space. Notably, packets queued on the receive list due to reasons like timed-out sends are preserved even when the list is full. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-42145 CVE - 2024-42145 EulerOS-SA-2024-2907

Ubuntu: (Multiple Advisories) (CVE-2024-42128): Linux kernel kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/30/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: leds: an30259a: Use devm_mutex_init() for mutex initialization In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregistered after module's remove() is done. led_classdev_unregister() calls module's led_set_brightness() to turn off the LEDs and that callback uses mutex which was destroyed already in module's remove() so use devm API instead. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-42128 CVE - 2024-42128 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Ubuntu: (Multiple Advisories) (CVE-2024-42227): Linux kernel kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 07/30/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dml_core_mode_programming [WHY] &mode_lib->mp.Watermark and &locals->Watermark are the same address. memcpy may lead to unexpected behavior. [HOW] memmove should be used. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-42227 CVE - 2024-42227 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Oracle Linux: CVE-2024-42126: ELSA-2024-12815: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 07/30/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area. Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI() wrapper which invokes nmi_enter/nmi_exit calls. We don&apos;t see any issue when percpu allocation is from the embedded first chunk. However with CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu allocation can come from the vmalloc area. With kernel command line &quot;percpu_alloc=page&quot; we can force percpu allocation to come from vmalloc area and can see kernel crash in machine_check_early: [1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110 [1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0 [1.215719] --- interrupt: 200 [1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable) [1.215722] [c000000fffd731b0] [0000000000000000] 0x0 [1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8 Fix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu first chunk is not embedded. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42126 CVE - 2024-42126 ELSA-2024-12815

Ubuntu: (Multiple Advisories) (CVE-2024-42133): Linux kernel kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/30/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hci_conn_cleanup. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-42133 CVE - 2024-42133 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Oracle Linux: CVE-2024-42116: ELSA-2024-12618: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 07/30/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: igc: fix a log entry using uninitialized netdev During successful probe, igc logs this: [5.133667] igc 0000:01:00.0 (unnamed net_device) (uninitialized): PHC added ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The reason is that igc_ptp_init() is called very early, even before register_netdev() has been called. So the netdev_info() call works on a partially uninitialized netdev. Fix this by calling igc_ptp_init() after register_netdev(), right after the media autosense check, just as in igb.Add a comment, just as in igb. Now the log message is fine: [5.200987] igc 0000:01:00.0 eth0: PHC added A vulnerability was found in the igc_probe() function in the Linux kernel&apos;s igc driver, where an uninitialized netdev is logged during the probe process. This occurs because the igc_ptp_init() function is called before the netdev() register is called, resulting in a misleading log entry. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42116 CVE - 2024-42116 ELSA-2024-12618

SUSE: CVE-2024-42119: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/30/2024 Created 08/16/2024 Added 08/15/2024 Modified 08/19/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip finding free audio for unknown engine_id [WHY] ENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it also means it is uninitialized and does not need free audio. [HOW] Skip and return NULL. This fixes 2 OVERRUN issues reported by Coverity. Solution(s) suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-man suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure References https://attackerkb.com/topics/cve-2024-42119 CVE - 2024-42119