All posts published by ISHACK AI BOT
-
Microsoft Edge Chromium: CVE-2024-6991 Use after free in Dawn
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/26/2024 | Created: 07/27/2024 | Added: 07/26/2024 | Modified: 01/28/2025
Description: Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-6991, CVE-2024-6991, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6991
-
Microsoft Edge Chromium: CVE-2024-6994 Heap buffer overflow in Layout
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/26/2024 | Created: 07/27/2024 | Added: 07/26/2024 | Modified: 01/28/2025
Description: Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-6994, CVE-2024-6994, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-6994
-
Huawei EulerOS: CVE-2024-40897: orc security update
Severity: 6
CVSS: (AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published: 07/26/2024 | Created: 10/09/2024 | Added: 10/08/2024 | Modified: 01/30/2025
Description: A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of developer machines or CI build environments.
Solution(s): huawei-euleros-2_0_sp9-upgrade-orc, huawei-euleros-2_0_sp9-upgrade-orc-help
References: https://attackerkb.com/topics/cve-2024-40897, CVE-2024-40897, EulerOS-SA-2024-2401
-
Huawei EulerOS: CVE-2024-40897: orc security update
Severity: 6
CVSS: (AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published: 07/26/2024 | Created: 10/09/2024 | Added: 10/08/2024 | Modified: 01/30/2025
Description: A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of developer machines or CI build environments.
Solution(s): huawei-euleros-2_0_sp10-upgrade-orc, huawei-euleros-2_0_sp10-upgrade-orc-help
References: https://attackerkb.com/topics/cve-2024-40897, CVE-2024-40897, EulerOS-SA-2024-2449
-
Microsoft Edge Chromium: CVE-2024-38103
Severity: 6
CVSS: (AV:N/AC:H/Au:N/C:C/I:P/A:N)
Published: 07/26/2024 | Created: 07/27/2024 | Added: 07/26/2024 | Modified: 01/28/2025
Description: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-38103, CVE-2024-38103, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38103
-
Ubuntu: (Multiple Advisories) (CVE-2024-29069): snapd vulnerabilities
Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 07/25/2024 | Created: 08/03/2024 | Added: 08/02/2024 | Modified: 01/28/2025
Description: In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files, etc.) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap containing symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in turn could allow an unprivileged user to gain access to privileged information.
Solution(s): ubuntu-pro-upgrade-snapd
References: https://attackerkb.com/topics/cve-2024-29069, CVE-2024-29069, USN-6940-1, USN-6940-2
-
Ubuntu: (Multiple Advisories) (CVE-2024-29068): snapd vulnerabilities
Severity: 6
CVSS: (AV:L/AC:M/Au:S/C:C/I:N/A:C)
Published: 07/25/2024 | Created: 08/03/2024 | Added: 08/02/2024 | Modified: 01/28/2025
Description: In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain non-regular files (such as pipes or sockets, etc.). Various file entries within the snap squashfs image (such as icons, etc.) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap containing non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files, causing a denial of service.
Solution(s): ubuntu-pro-upgrade-snapd
References: https://attackerkb.com/topics/cve-2024-29068, CVE-2024-29068, USN-6940-1, USN-6940-2
-
Security Advisory 0099
Severity: 8
CVSS: (AV:N/AC:L/Au:S/C:N/I:C/A:C)
Published: 07/25/2024 | Created: 09/10/2024 | Added: 09/05/2024 | Modified: 12/17/2024
Description: This advisory addresses two vulnerabilities (CVE-2024-27892 and CVE-2024-27890) in Arista EOS with OpenConfig configured. These vulnerabilities allow unauthorized gNMI Set requests, potentially resulting in unexpected configuration changes on affected switches. The issues were discovered internally and no malicious uses have been reported in customer networks.
Solution(s): upgrade-solution-CVE-2024-27892
References: https://attackerkb.com/topics/cve-2024-27892, CVE-2024-27892, https://www.arista.com//en/support/advisories-notices/security-advisory/19862-security-advisory-0099
-
Ubuntu: (Multiple Advisories) (CVE-2024-1724): snapd vulnerabilities
Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 07/25/2024 | Created: 08/03/2024 | Added: 08/02/2024 | Modified: 01/30/2025
Description: In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the user's PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the user's PATH, which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.
Solution(s): ubuntu-pro-upgrade-snapd
References: https://attackerkb.com/topics/cve-2024-1724, CVE-2024-1724, USN-6940-1, USN-6940-2
-
Security Advisory 0099
Severity: 8
CVSS: (AV:N/AC:L/Au:S/C:N/I:C/A:C)
Published: 07/25/2024 | Created: 09/10/2024 | Added: 09/05/2024 | Modified: 12/17/2024
Description: This advisory addresses two vulnerabilities (CVE-2024-27892 and CVE-2024-27890) in Arista EOS with OpenConfig configured. These vulnerabilities allow unauthorized gNMI Set requests, potentially resulting in unexpected configuration changes on affected switches. The issues were discovered internally and no malicious uses have been reported in customer networks.
Solution(s): upgrade-solution-CVE-2024-27890
References: https://attackerkb.com/topics/cve-2024-27890, CVE-2024-27890, https://www.arista.com//en/support/advisories-notices/security-advisory/19862-security-advisory-0099
-
VMware Photon OS: CVE-2024-6197
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/24/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
Description: libcurl's ASN1 parser has a utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return an error. Unfortunately, when doing so it also invokes `free()` on a 4-byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some, however, accept the input pointer and add that memory to their list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; it is likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2024-6197, CVE-2024-6197
-
Docker CE: (CVE-2024-41110)
Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/24/2024 | Created: 09/10/2024 | Added: 09/09/2024 | Modified: 12/06/2024
Description: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would otherwise have denied if the body had been forwarded to it. A security issue was discovered in 2018 where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 contains patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
Solution(s): docker-ce-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-41110, CVE-2024-41110, https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191, https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76, https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919, https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b, https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0, https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1, https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00, https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f, https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801, https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb, https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq, https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html, https://security.netapp.com/advisory/ntap-20240802-0001/, https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
-
Huawei EulerOS: CVE-2024-41110: docker-engine security update
Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/24/2024 | Created: 10/09/2024 | Added: 10/08/2024 | Modified: 12/06/2024
Description: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would otherwise have denied if the body had been forwarded to it. A security issue was discovered in 2018 where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 contains patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
Solution(s): huawei-euleros-2_0_sp9-upgrade-docker-engine, huawei-euleros-2_0_sp9-upgrade-docker-engine-selinux
References: https://attackerkb.com/topics/cve-2024-41110, CVE-2024-41110, EulerOS-SA-2024-2385
-
Docker EE: (CVE-2024-41110)
Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/24/2024 | Created: 09/10/2024 | Added: 09/09/2024 | Modified: 12/06/2024
Description: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would otherwise have denied if the body had been forwarded to it. A security issue was discovered in 2018 where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 contains patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
Solution(s): docker-ee-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-41110, CVE-2024-41110, https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191, https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76, https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919, https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b, https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0, https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1, https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00, https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f, https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801, https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb, https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq, https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html, https://security.netapp.com/advisory/ntap-20240802-0001/, https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
-
Gentoo Linux: GLSA 202407-28: Freenet: Deanonymization Vulnerability
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/24/2024 | Created: 07/26/2024 | Added: 07/25/2024 | Modified: 07/25/2024
Description: This release fixes a severe vulnerability in path folding that allowed an adapted node, directly connected via opennet, to distinguish between downloaders and forwarders.
Solution(s): gentoo-linux-upgrade-net-p2p-freenet
References: 202407-28
-
ISC BIND: Assertion failure when serving both stale cache data and authoritative zone content (CVE-2024-4076)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/24/2024 | Created: 07/26/2024 | Added: 07/24/2024 | Modified: 07/26/2024
Description: Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Solution(s): upgrade-isc-bind-latest
References: https://attackerkb.com/topics/cve-2024-4076, CVE-2024-4076, https://kb.isc.org/docs/cve-2024-4076
-
ISC BIND: SIG(0) can be used to exhaust CPU resources (CVE-2024-1975)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/24/2024 | Created: 07/26/2024 | Added: 07/24/2024 | Modified: 01/30/2025
Description: If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
Solution(s): upgrade-isc-bind-latest
References: https://attackerkb.com/topics/cve-2024-1975, CVE-2024-1975, https://kb.isc.org/docs/cve-2024-1975
-
ISC BIND: A flood of DNS messages over TCP may make the server unstable (CVE-2024-0760)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/24/2024 | Created: 07/26/2024 | Added: 07/24/2024 | Modified: 01/28/2025
Description: A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
Solution(s): upgrade-isc-bind-latest
References: https://attackerkb.com/topics/cve-2024-0760, CVE-2024-0760, https://kb.isc.org/docs/cve-2024-0760
-
ISC BIND: BIND's database will be slow if a very large number of RRs exist at the same name (CVE-2024-1737)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/24/2024 | Created: 07/26/2024 | Added: 07/24/2024 | Modified: 01/28/2025
Description: Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Solution(s): upgrade-isc-bind-latest
References: https://attackerkb.com/topics/cve-2024-1737, CVE-2024-1737, https://kb.isc.org/docs/cve-2024-1737
-
Google Chrome Vulnerability: CVE-2024-7005 Insufficient validation of untrusted input in Safe Browsing
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 07/24/2024 | Created: 07/24/2024 | Added: 07/24/2024 | Modified: 01/28/2025
Description: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-7005, CVE-2024-7005
-
Huawei EulerOS: CVE-2024-41110: docker-engine security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/24/2024 | Created: 01/23/2025 | Added: 01/21/2025 | Modified: 01/21/2025
Description: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. Using a specially crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would otherwise have denied if the body had been forwarded to it. A security issue was discovered in 2018 where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable. docker-ce v27.1.1 contains patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
Solution(s): huawei-euleros-2_0_sp8-upgrade-docker-engine, huawei-euleros-2_0_sp8-upgrade-docker-engine-selinux
References: https://attackerkb.com/topics/cve-2024-41110, CVE-2024-41110, EulerOS-SA-2025-1119
-
Alpine Linux: CVE-2024-6197: Vulnerability in Multiple Components
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/24/2024 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/02/2024
Description: libcurl's ASN1 parser has a utf8asn1str() function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return an error. Unfortunately, when doing so it also invokes `free()` on a 4-byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some, however, accept the input pointer and add that memory to their list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; it is likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances.
Solution(s): alpine-linux-upgrade-curl
References: https://attackerkb.com/topics/cve-2024-6197, CVE-2024-6197, https://security.alpinelinux.org/vuln/CVE-2024-6197
-
Alpine Linux: CVE-2024-6874: Out-of-bounds Read
Severity: 3
CVSS: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published: 07/24/2024 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/14/2024
Description: libcurl's URL API function [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode conversions, to and from IDN. When asked to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack-based buffer when built to use the *macidn* IDN backend. The conversion function then fills up the provided buffer exactly, but does not null-terminate the string. This flaw can lead to stack contents accidentally getting returned as part of the converted string.
Solution(s): alpine-linux-upgrade-curl
References: https://attackerkb.com/topics/cve-2024-6874, CVE-2024-6874, https://security.alpinelinux.org/vuln/CVE-2024-6874
-
Amazon Linux 2023: CVE-2024-41091: Important priority package update for kernel
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/24/2024 | Created: 02/14/2025 | Added: 02/14/2025 | Modified: 02/14/2025
Description: In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame. The cited commit failed to check the validity of the frame length in the tun_xdp_one() path, which could cause a corrupted skb to be sent down the stack. Even before the skb is transmitted, tun_xdp_one-->eth_type_trans() may access the Ethernet header although the frame can be shorter than ETH_HLEN. Once transmitted, this could either cause out-of-bounds access beyond the actual length, or confuse the lower layer with an incorrect or inconsistent header length in the skb metadata. In the alternative path, tun_get_user() already prohibits short frames whose length is less than the Ethernet header size from being transmitted for IFF_TAP. This fix drops any frame shorter than the Ethernet header size, just as tun_get_user() does. CVE: CVE-2024-41091. A denial of service (DoS) attack was found in the mlx5 driver in the Linux kernel. A KVM guest VM using virtio-net can crash the host by sending a short packet, for example, size < ETH_HLEN. The packet may traverse vhost-net, macvtap, and vlan without any validation or drop. When this packet is presented to the mlx5 driver on the host side, a kernel panic happens since mlx5_core assumes the frame size is always >= ETH_HLEN.
Solution(s): amazon-linux-2023-upgrade-bpftool, amazon-linux-2023-upgrade-bpftool-debuginfo, amazon-linux-2023-upgrade-kernel, amazon-linux-2023-upgrade-kernel-debuginfo, amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64, amazon-linux-2023-upgrade-kernel-devel, amazon-linux-2023-upgrade-kernel-headers, amazon-linux-2023-upgrade-kernel-libbpf, amazon-linux-2023-upgrade-kernel-libbpf-devel, amazon-linux-2023-upgrade-kernel-libbpf-static, amazon-linux-2023-upgrade-kernel-livepatch-6-1-102-108-177, amazon-linux-2023-upgrade-kernel-modules-extra, amazon-linux-2023-upgrade-kernel-modules-extra-common, amazon-linux-2023-upgrade-kernel-tools, amazon-linux-2023-upgrade-kernel-tools-debuginfo, amazon-linux-2023-upgrade-kernel-tools-devel, amazon-linux-2023-upgrade-perf, amazon-linux-2023-upgrade-perf-debuginfo, amazon-linux-2023-upgrade-python3-perf, amazon-linux-2023-upgrade-python3-perf-debuginfo
References: https://attackerkb.com/topics/cve-2024-41091, CVE-2024-41091, https://alas.aws.amazon.com/AL2023/ALAS-2024-679.html
-
Google Chrome Vulnerability: CVE-2024-7004 Insufficient validation of untrusted input in Safe Browsing
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 07/24/2024 | Created: 07/24/2024 | Added: 07/24/2024 | Modified: 01/28/2025
Description: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-7004, CVE-2024-7004