ISHACK AI BOT

Ubuntu: (CVE-2024-27851): webkit2gtk vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/10/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) ubuntu-upgrade-webkit2gtk References https://attackerkb.com/topics/cve-2024-27851 CVE - 2024-27851 https://webkitgtk.org/security/WSA-2024-0005.html https://www.cve.org/CVERecord?id=CVE-2024-27851

Red Hat: CVE-2024-5458: php: Filter bypass in filter_var (FILTER_VALIDATE_URL) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 06/09/2024 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. Solution(s) redhat-upgrade-apcu-panel redhat-upgrade-libzip redhat-upgrade-libzip-debuginfo redhat-upgrade-libzip-debugsource redhat-upgrade-libzip-devel redhat-upgrade-libzip-tools redhat-upgrade-libzip-tools-debuginfo redhat-upgrade-php redhat-upgrade-php-bcmath redhat-upgrade-php-bcmath-debuginfo redhat-upgrade-php-cli redhat-upgrade-php-cli-debuginfo redhat-upgrade-php-common redhat-upgrade-php-common-debuginfo redhat-upgrade-php-dba redhat-upgrade-php-dba-debuginfo redhat-upgrade-php-dbg redhat-upgrade-php-dbg-debuginfo redhat-upgrade-php-debuginfo redhat-upgrade-php-debugsource redhat-upgrade-php-devel redhat-upgrade-php-embedded redhat-upgrade-php-embedded-debuginfo redhat-upgrade-php-enchant redhat-upgrade-php-enchant-debuginfo redhat-upgrade-php-ffi redhat-upgrade-php-ffi-debuginfo redhat-upgrade-php-fpm redhat-upgrade-php-fpm-debuginfo redhat-upgrade-php-gd redhat-upgrade-php-gd-debuginfo redhat-upgrade-php-gmp redhat-upgrade-php-gmp-debuginfo redhat-upgrade-php-intl redhat-upgrade-php-intl-debuginfo redhat-upgrade-php-json redhat-upgrade-php-json-debuginfo redhat-upgrade-php-ldap redhat-upgrade-php-ldap-debuginfo redhat-upgrade-php-mbstring redhat-upgrade-php-mbstring-debuginfo redhat-upgrade-php-mysqlnd redhat-upgrade-php-mysqlnd-debuginfo redhat-upgrade-php-odbc redhat-upgrade-php-odbc-debuginfo redhat-upgrade-php-opcache redhat-upgrade-php-opcache-debuginfo redhat-upgrade-php-pdo redhat-upgrade-php-pdo-debuginfo redhat-upgrade-php-pear redhat-upgrade-php-pecl-apcu redhat-upgrade-php-pecl-apcu-debuginfo redhat-upgrade-php-pecl-apcu-debugsource redhat-upgrade-php-pecl-apcu-devel redhat-upgrade-php-pecl-rrd redhat-upgrade-php-pecl-rrd-debuginfo redhat-upgrade-php-pecl-rrd-debugsource redhat-upgrade-php-pecl-xdebug redhat-upgrade-php-pecl-xdebug-debuginfo redhat-upgrade-php-pecl-xdebug-debugsource redhat-upgrade-php-pecl-xdebug3 redhat-upgrade-php-pecl-xdebug3-debuginfo redhat-upgrade-php-pecl-xdebug3-debugsource redhat-upgrade-php-pecl-zip redhat-upgrade-php-pecl-zip-debuginfo redhat-upgrade-php-pecl-zip-debugsource redhat-upgrade-php-pgsql redhat-upgrade-php-pgsql-debuginfo redhat-upgrade-php-process redhat-upgrade-php-process-debuginfo redhat-upgrade-php-snmp redhat-upgrade-php-snmp-debuginfo redhat-upgrade-php-soap redhat-upgrade-php-soap-debuginfo redhat-upgrade-php-xml redhat-upgrade-php-xml-debuginfo redhat-upgrade-php-xmlrpc redhat-upgrade-php-xmlrpc-debuginfo References CVE-2024-5458 RHSA-2024:10949 RHSA-2024:10950 RHSA-2024:10951 RHSA-2024:10952

Debian: CVE-2024-37383: roundcube -- security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 06/07/2024 Created 06/20/2024 Added 06/19/2024 Modified 01/28/2025 Description Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. Solution(s) debian-upgrade-roundcube References https://attackerkb.com/topics/cve-2024-37383 CVE - 2024-37383 DLA-3835-1

Amazon Linux 2023: CVE-2024-6239: Medium priority package update for poppler Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/06/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. Solution(s) amazon-linux-2023-upgrade-poppler amazon-linux-2023-upgrade-poppler-cpp amazon-linux-2023-upgrade-poppler-cpp-debuginfo amazon-linux-2023-upgrade-poppler-cpp-devel amazon-linux-2023-upgrade-poppler-debuginfo amazon-linux-2023-upgrade-poppler-debugsource amazon-linux-2023-upgrade-poppler-devel amazon-linux-2023-upgrade-poppler-glib amazon-linux-2023-upgrade-poppler-glib-debuginfo amazon-linux-2023-upgrade-poppler-glib-devel amazon-linux-2023-upgrade-poppler-glib-doc amazon-linux-2023-upgrade-poppler-utils amazon-linux-2023-upgrade-poppler-utils-debuginfo References https://attackerkb.com/topics/cve-2024-6239 CVE - 2024-6239 https://alas.aws.amazon.com/AL2023/ALAS-2024-741.html

Huawei EulerOS: CVE-2023-49441: dnsmasq security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/06/2024 Created 10/10/2024 Added 10/09/2024 Modified 01/28/2025 Description dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. Solution(s) huawei-euleros-2_0_sp11-upgrade-dnsmasq References https://attackerkb.com/topics/cve-2023-49441 CVE - 2023-49441 EulerOS-SA-2024-2576

Huawei EulerOS: CVE-2024-33655: unbound security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/06/2024 Created 01/15/2025 Added 01/14/2025 Modified 01/14/2025 Description The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue. Solution(s) huawei-euleros-2_0_sp10-upgrade-python3-unbound huawei-euleros-2_0_sp10-upgrade-unbound huawei-euleros-2_0_sp10-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-33655 CVE - 2024-33655 EulerOS-SA-2025-1032

Alpine Linux: CVE-2024-33655: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/06/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/01/2024 Description The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue. Solution(s) alpine-linux-upgrade-unbound References https://attackerkb.com/topics/cve-2024-33655 CVE - 2024-33655 https://security.alpinelinux.org/vuln/CVE-2024-33655

Ubuntu: (CVE-2023-49441): dnsmasq vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/06/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. Solution(s) ubuntu-pro-upgrade-dnsmasq References https://attackerkb.com/topics/cve-2023-49441 CVE - 2023-49441 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017332.html https://www.cve.org/CVERecord?id=CVE-2023-49441

Alma Linux: CVE-2024-3049: Important: booth security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/06/2024 Created 06/13/2024 Added 06/12/2024 Modified 01/28/2025 Description A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. Solution(s) alma-upgrade-booth alma-upgrade-booth-arbitrator alma-upgrade-booth-core alma-upgrade-booth-site alma-upgrade-booth-test References https://attackerkb.com/topics/cve-2024-3049 CVE - 2024-3049 https://errata.almalinux.org/8/ALSA-2024-3659.html https://errata.almalinux.org/9/ALSA-2024-3661.html

Red Hat: CVE-2024-3049: booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 06/06/2024 Created 06/07/2024 Added 06/07/2024 Modified 09/03/2024 Description A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. Solution(s) redhat-upgrade-booth redhat-upgrade-booth-arbitrator redhat-upgrade-booth-core redhat-upgrade-booth-core-debuginfo redhat-upgrade-booth-debugsource redhat-upgrade-booth-site redhat-upgrade-booth-test References CVE-2024-3049 RHSA-2024:3658 RHSA-2024:3659 RHSA-2024:3660 RHSA-2024:3661

Huawei EulerOS: CVE-2023-49441: dnsmasq security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/06/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. Solution(s) huawei-euleros-2_0_sp10-upgrade-dnsmasq References https://attackerkb.com/topics/cve-2023-49441 CVE - 2023-49441 EulerOS-SA-2024-2433

VMware Photon OS: CVE-2024-33655 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/06/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-33655 CVE - 2024-33655

Oracle Linux: CVE-2024-6239: ELSA-2024-5305:poppler security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/06/2024 Created 10/18/2024 Added 10/16/2024 Modified 12/24/2024 Description A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. Solution(s) oracle-linux-upgrade-poppler oracle-linux-upgrade-poppler-cpp oracle-linux-upgrade-poppler-cpp-devel oracle-linux-upgrade-poppler-devel oracle-linux-upgrade-poppler-glib oracle-linux-upgrade-poppler-glib-devel oracle-linux-upgrade-poppler-glib-doc oracle-linux-upgrade-poppler-qt5 oracle-linux-upgrade-poppler-qt5-devel oracle-linux-upgrade-poppler-utils References https://attackerkb.com/topics/cve-2024-6239 CVE - 2024-6239 ELSA-2024-5305 ELSA-2024-9167

PHP CGI Argument Injection Remote Code Execution Disclosed 06/06/2024 Created 06/17/2024 Description This module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D) character. Additionally a target web server must be configured to run PHP under CGI mode, or directly expose the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch), and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have note received patches. XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode. Author(s) Orange Tsai watchTowr sfewer-r7 Platform PHP,Windows Architectures php, cmd Development Source Code History

Huawei EulerOS: CVE-2024-33655: unbound security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/06/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue. Solution(s) huawei-euleros-2_0_sp11-upgrade-python3-unbound huawei-euleros-2_0_sp11-upgrade-unbound huawei-euleros-2_0_sp11-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-33655 CVE - 2024-33655 EulerOS-SA-2024-2988

Rocky Linux: CVE-2024-3049: booth (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/06/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. Solution(s) rocky-upgrade-booth rocky-upgrade-booth-core rocky-upgrade-booth-core-debuginfo rocky-upgrade-booth-debugsource References https://attackerkb.com/topics/cve-2024-3049 CVE - 2024-3049 https://errata.rockylinux.org/RLSA-2024:3659 https://errata.rockylinux.org/RLSA-2024:3661

Debian: CVE-2023-49441: dnsmasq -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/06/2024 Created 01/14/2025 Added 01/13/2025 Modified 01/28/2025 Description dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. Solution(s) debian-upgrade-dnsmasq References https://attackerkb.com/topics/cve-2023-49441 CVE - 2023-49441

FreeBSD: VID-91929399-249E-11EF-9296-B42E991FC52E (CVE-2024-36399): kanboard -- Project Takeover via IDOR in ProjectPermissionController Severity 7 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:P) Published 06/06/2024 Created 06/11/2024 Added 06/08/2024 Modified 01/28/2025 Description Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37. Solution(s) freebsd-upgrade-package-kanboard References CVE-2024-36399

Debian: CVE-2024-3049: booth -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/06/2024 Created 09/27/2024 Added 09/26/2024 Modified 01/28/2025 Description A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. Solution(s) debian-upgrade-booth References https://attackerkb.com/topics/cve-2024-3049 CVE - 2024-3049 DLA-3894-1

Huawei EulerOS: CVE-2024-33655: unbound security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/06/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue. Solution(s) huawei-euleros-2_0_sp12-upgrade-python3-unbound huawei-euleros-2_0_sp12-upgrade-unbound huawei-euleros-2_0_sp12-upgrade-unbound-libs References https://attackerkb.com/topics/cve-2024-33655 CVE - 2024-33655 EulerOS-SA-2024-2959

SUSE: CVE-2024-3049: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/06/2024 Created 06/19/2024 Added 06/18/2024 Modified 01/28/2025 Description A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. Solution(s) suse-upgrade-booth suse-upgrade-booth-test References https://attackerkb.com/topics/cve-2024-3049 CVE - 2024-3049

Amazon Linux AMI 2: CVE-2024-3049: Security patch for booth (ALAS-2024-2575) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/06/2024 Created 06/26/2024 Added 06/26/2024 Modified 01/28/2025 Description A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. Solution(s) amazon-linux-ami-2-upgrade-booth amazon-linux-ami-2-upgrade-booth-arbitrator amazon-linux-ami-2-upgrade-booth-core amazon-linux-ami-2-upgrade-booth-debuginfo amazon-linux-ami-2-upgrade-booth-site amazon-linux-ami-2-upgrade-booth-test References https://attackerkb.com/topics/cve-2024-3049 AL2/ALAS-2024-2575 CVE - 2024-3049

Ubuntu: (Multiple Advisories) (CVE-2024-36966): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/08/2024 Created 08/10/2024 Added 08/09/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish block based and fscache mode When erofs_kill_sb() is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will be mistaken for fscache mode, and then attempt to free an anon_dev that has never been allocated, triggering the following warning: ============================================ ida_free called for id=0 which is not allocated. WARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140 Modules linked in: CPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630 RIP: 0010:ida_free+0x134/0x140 Call Trace: <TASK> erofs_kill_sb+0x81/0x90 deactivate_locked_super+0x35/0x80 get_tree_bdev+0x136/0x1e0 vfs_get_tree+0x2c/0xf0 do_new_mount+0x190/0x2f0 [...] ============================================ Now when erofs_kill_sb() is called, erofs_sb_info must have been initialised, so use sbi->fsid to distinguish between the two modes. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1008-gke ubuntu-upgrade-linux-image-6-8-0-1009-raspi ubuntu-upgrade-linux-image-6-8-0-1010-ibm ubuntu-upgrade-linux-image-6-8-0-1010-oem ubuntu-upgrade-linux-image-6-8-0-1010-oracle ubuntu-upgrade-linux-image-6-8-0-1010-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1011-nvidia ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1012-azure ubuntu-upgrade-linux-image-6-8-0-1012-azure-fde ubuntu-upgrade-linux-image-6-8-0-1012-gcp ubuntu-upgrade-linux-image-6-8-0-1013-aws ubuntu-upgrade-linux-image-6-8-0-40-generic ubuntu-upgrade-linux-image-6-8-0-40-generic-64k ubuntu-upgrade-linux-image-6-8-0-40-lowlatency ubuntu-upgrade-linux-image-6-8-0-40-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-36966 CVE - 2024-36966 USN-6949-1 USN-6949-2 USN-6952-1 USN-6952-2 USN-6955-1

Red Hat: CVE-2024-36967: kernel: KEYS: trusted: Fix memory leak in tpm2_key_encode() (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/08/2024 Created 12/06/2024 Added 12/05/2024 Modified 12/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-36967 RHSA-2024:9315

SUSE: CVE-2024-36969: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/08/2024 Created 07/10/2024 Added 07/10/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero. The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor connected via Thunderbolt. The amdgpu driver crashed with this exception when I rebooted the system with the monitor connected. kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2)) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu After applying this patch, the driver no longer crashes when the monitor is connected and the system is rebooted. I believe this is the same issue reported for 3113. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-36969 CVE - 2024-36969