ISHACK AI BOT

Debian: CVE-2024-46858: linux, linux-6.1 -- security update Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 09/27/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action napi_pollnetlink_sendmsg __napi_pollnetlink_unicast process_backlognetlink_unicast_kernel __netif_receive_skbgenl_rcv __netif_receive_skb_one_core netlink_rcv_skb NF_HOOKgenl_rcv_msg ip_local_deliver_finishgenl_family_rcv_msg ip_protocol_deliver_rcugenl_family_rcv_msg_doit tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit tcp_v4_do_rcvmptcp_nl_remove_addrs_list tcp_rcv_establishedmptcp_pm_remove_addrs_and_subflows tcp_data_queue remove_anno_list_by_saddr mptcp_incoming_options mptcp_pm_del_add_timer mptcp_pm_del_add_timer kfree(entry) In remove_anno_list_by_saddr(running on CPU2), after leaving the critical zone protected by "pm.lock", the entry will be released, which leads to the occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1). Keeping a reference to add_timer inside the lock, and calling sk_stop_timer_sync() with this reference, instead of "entry->add_timer". Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, do not directly access any members of the entry outside the pm lock, which can avoid similar "entry->x" uaf. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-46858 CVE - 2024-46858 DSA-5782-1

Amazon Linux 2023: CVE-2024-46858: Important priority package update for kernel (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 09/27/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1CPU2 ==== ==== net_rx_action napi_pollnetlink_sendmsg __napi_pollnetlink_unicast process_backlognetlink_unicast_kernel __netif_receive_skbgenl_rcv __netif_receive_skb_one_core netlink_rcv_skb NF_HOOKgenl_rcv_msg ip_local_deliver_finishgenl_family_rcv_msg ip_protocol_deliver_rcugenl_family_rcv_msg_doit tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit tcp_v4_do_rcvmptcp_nl_remove_addrs_list tcp_rcv_establishedmptcp_pm_remove_addrs_and_subflows tcp_data_queue remove_anno_list_by_saddr mptcp_incoming_options mptcp_pm_del_add_timer mptcp_pm_del_add_timer kfree(entry) In remove_anno_list_by_saddr(running on CPU2), after leaving the critical zone protected by "pm.lock", the entry will be released, which leads to the occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1). Keeping a reference to add_timer inside the lock, and calling sk_stop_timer_sync() with this reference, instead of "entry->add_timer". Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, do not directly access any members of the entry outside the pm lock, which can avoid similar "entry->x" uaf. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-111-120-187 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-46858 CVE - 2024-46858 https://alas.aws.amazon.com/AL2023/ALAS-2024-744.html https://alas.aws.amazon.com/AL2023/ALAS-2024-755.html

Amazon Linux 2023: CVE-2024-46865: Important priority package update for kernel (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-111-120-187 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-46865 CVE - 2024-46865 https://alas.aws.amazon.com/AL2023/ALAS-2024-744.html https://alas.aws.amazon.com/AL2023/ALAS-2024-755.html

Amazon Linux 2023: CVE-2024-46822: Important priority package update for kernel (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a valid ID is needed. If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible for the entry in cpu_madt_gicc[cpu] == NULL.This function would then cause a NULL pointer dereference. Whilst a path to trigger this has not been established, harden this caller against the possibility. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-111-120-187 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-46822 CVE - 2024-46822 https://alas.aws.amazon.com/AL2023/ALAS-2024-744.html https://alas.aws.amazon.com/AL2023/ALAS-2024-755.html

Debian: CVE-2024-46815: linux, linux-6.1 -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/27/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets - 1]. This fixes an OVERRUN issue reported by Coverity. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-46815 CVE - 2024-46815 DSA-5782-1

Oracle Linux: CVE-2024-46819: ELSA-2024-12815: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don't print NBIO err data Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-46819 CVE - 2024-46819 ELSA-2024-12815

Oracle Linux: CVE-2024-46817: ELSA-2024-12813: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 09/27/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [Why] Coverity reports OVERRUN warning. Should abort amdgpu_dm initialize. [How] Return failure to amdgpu_dm_init. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-46817 CVE - 2024-46817 ELSA-2024-12813 ELSA-2024-12815

Oracle Linux: CVE-2024-46815: ELSA-2024-12813: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/27/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets - 1]. This fixes an OVERRUN issue reported by Coverity. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-46815 CVE - 2024-46815 ELSA-2024-12813 ELSA-2024-12815

Oracle Linux: CVE-2024-46826: ELSA-2024-8856:kernel security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 09/27/2024 Created 11/13/2024 Added 11/11/2024 Modified 01/07/2025 Description In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2024-46826 CVE - 2024-46826 ELSA-2024-8856

Oracle Linux: CVE-2024-46829: ELSA-2024-12813: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held.In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduling in atomic' warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop. [ tglx: Moved unlock before the WARN(), removed the pointless comment, massaged changelog, added Fixes tag ] Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-46829 CVE - 2024-46829 ELSA-2024-12813 ELSA-2024-12815 ELSA-2024-12868

Oracle Linux: CVE-2024-46814: ELSA-2024-12815: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/27/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-46814 CVE - 2024-46814 ELSA-2024-12815

Ubuntu: (Multiple Advisories) (CVE-2024-46864): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/14/2024 Added 12/13/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initialization. cpuhp_setup_state() returns the state number if state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states. For the hyperv case, since a new cpuhp state was introduced it would return 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call is conditioned upon "hyperv_init_cpuhp > 0". This will never be true and so hv_cpu_die() won't be called on all CPUs. This means the VP assist page won't be reset. When the kexec kernel tries to setup the VP assist page again, the hypervisor corrupts the memory region of the old VP assist page causing a panic in case the kexec kernel is using that memory elsewhere. This was originally fixed in commit dfe94d4086e4 ("x86/hyperv: Fix kexec panic/hang issues"). Get rid of hyperv_init_cpuhp entirely since we are no longer using a dynamic cpuhp state and use CPUHP_AP_HYPERV_ONLINE directly with cpuhp_remove_state(). Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1015-gke ubuntu-upgrade-linux-image-6-8-0-1016-raspi ubuntu-upgrade-linux-image-6-8-0-1017-ibm ubuntu-upgrade-linux-image-6-8-0-1017-oracle ubuntu-upgrade-linux-image-6-8-0-1017-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1018-oem ubuntu-upgrade-linux-image-6-8-0-1019-gcp ubuntu-upgrade-linux-image-6-8-0-1019-nvidia ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1020-aws ubuntu-upgrade-linux-image-6-8-0-1020-azure ubuntu-upgrade-linux-image-6-8-0-1020-azure-fde ubuntu-upgrade-linux-image-6-8-0-50-generic ubuntu-upgrade-linux-image-6-8-0-50-generic-64k ubuntu-upgrade-linux-image-6-8-0-50-lowlatency ubuntu-upgrade-linux-image-6-8-0-50-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-46864 CVE - 2024-46864 USN-7154-1 USN-7154-2 USN-7155-1 USN-7156-1 USN-7196-1

Ubuntu: (Multiple Advisories) (CVE-2024-46825): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/14/2024 Added 12/13/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check The lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is normally called with input from the firmware, so it should use IWL_FW_CHECK() instead of WARN_ON(). Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1015-gke ubuntu-upgrade-linux-image-6-8-0-1016-raspi ubuntu-upgrade-linux-image-6-8-0-1017-ibm ubuntu-upgrade-linux-image-6-8-0-1017-oracle ubuntu-upgrade-linux-image-6-8-0-1017-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1018-oem ubuntu-upgrade-linux-image-6-8-0-1019-gcp ubuntu-upgrade-linux-image-6-8-0-1019-nvidia ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1020-aws ubuntu-upgrade-linux-image-6-8-0-1020-azure ubuntu-upgrade-linux-image-6-8-0-1020-azure-fde ubuntu-upgrade-linux-image-6-8-0-50-generic ubuntu-upgrade-linux-image-6-8-0-50-generic-64k ubuntu-upgrade-linux-image-6-8-0-50-lowlatency ubuntu-upgrade-linux-image-6-8-0-50-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-46825 CVE - 2024-46825 USN-7154-1 USN-7154-2 USN-7155-1 USN-7156-1 USN-7196-1

Huawei EulerOS: CVE-2024-46815: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/27/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets - 1]. This fixes an OVERRUN issue reported by Coverity. Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-46815 CVE - 2024-46815 EulerOS-SA-2024-2953

Huawei EulerOS: CVE-2024-46816: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links [Why] Coverity report OVERRUN warning. There are only max_links elements within dc->links. link count could up to AMDGPU_DM_MAX_DISPLAY_INDEX 31. [How] Make sure link count less than max_links. Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-46816 CVE - 2024-46816 EulerOS-SA-2024-2953

Ubuntu: (Multiple Advisories) (CVE-2024-46803): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/27/2024 Created 12/14/2024 Added 12/13/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue. It will cause write dbg_ev_file execution after debug_trap_disable, which will cause NULL pointer access. v2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1015-gke ubuntu-upgrade-linux-image-6-8-0-1016-raspi ubuntu-upgrade-linux-image-6-8-0-1017-ibm ubuntu-upgrade-linux-image-6-8-0-1017-oracle ubuntu-upgrade-linux-image-6-8-0-1017-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1018-oem ubuntu-upgrade-linux-image-6-8-0-1019-gcp ubuntu-upgrade-linux-image-6-8-0-1019-nvidia ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1020-aws ubuntu-upgrade-linux-image-6-8-0-1020-azure ubuntu-upgrade-linux-image-6-8-0-1020-azure-fde ubuntu-upgrade-linux-image-6-8-0-50-generic ubuntu-upgrade-linux-image-6-8-0-50-generic-64k ubuntu-upgrade-linux-image-6-8-0-50-lowlatency ubuntu-upgrade-linux-image-6-8-0-50-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-46803 CVE - 2024-46803 USN-7154-1 USN-7154-2 USN-7155-1 USN-7156-1 USN-7196-1

Huawei EulerOS: CVE-2024-46830: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/27/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN via sync_regs(), which already holds SRCU.I.e. trying to precisely use kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause problems.Acquiring SRCU isn't all that expensive, so for simplicity, grab it unconditionally for KVM_SET_VCPU_EVENTS. ============================= WARNING: suspicious RCU usage 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted ----------------------------- include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by repro/1071: #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm] stack backtrace: CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: <TASK> dump_stack_lvl+0x7f/0x90 lockdep_rcu_suspicious+0x13f/0x1a0 kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm] kvm_vcpu_read_guest+0x3e/0x90 [kvm] nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel] load_vmcs12_host_state+0x432/0xb40 [kvm_intel] vmx_leave_nested+0x30/0x40 [kvm_intel] kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm] kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm] ? mark_held_locks+0x49/0x70 ? kvm_vcpu_ioctl+0x7d/0x970 [kvm] ? kvm_vcpu_ioctl+0x497/0x970 [kvm] kvm_vcpu_ioctl+0x497/0x970 [kvm] ? lock_acquire+0xba/0x2d0 ? find_held_lock+0x2b/0x80 ? do_user_addr_fault+0x40c/0x6f0 ? lock_release+0xb7/0x270 __x64_sys_ioctl+0x82/0xb0 do_syscall_64+0x6c/0x170 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7ff11eb1b539 </TASK> Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-46830 CVE - 2024-46830 EulerOS-SA-2025-1159

FreeBSD: VID-24375796-7CBC-11EF-A3A9-001CC0382B2F (CVE-2024-47176): cups-filters -- remote code execution Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 10/01/2024 Added 09/29/2024 Modified 10/04/2024 Description CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to. Solution(s) freebsd-upgrade-package-cups freebsd-upgrade-package-cups-filters References CVE-2024-47176

Alpine Linux: CVE-2024-8118: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 10/12/2024 Added 10/10/2024 Modified 10/10/2024 Description In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules. Solution(s) alpine-linux-upgrade-grafana References https://attackerkb.com/topics/cve-2024-8118 CVE - 2024-8118 https://security.alpinelinux.org/vuln/CVE-2024-8118

Huawei EulerOS: CVE-2024-47175: cups security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/15/2025 Description CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. Solution(s) huawei-euleros-2_0_sp11-upgrade-cups-libs References https://attackerkb.com/topics/cve-2024-47175 CVE - 2024-47175 EulerOS-SA-2024-2977

Oracle Linux: CVE-2024-47076: ELSA-2024-7346:cups-filters security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:C/A:N) Published 09/26/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025 Description A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system. Solution(s) oracle-linux-upgrade-cups-filters oracle-linux-upgrade-cups-filters-devel oracle-linux-upgrade-cups-filters-libs References https://attackerkb.com/topics/cve-2024-47076 CVE - 2024-47076 ELSA-2024-7346 ELSA-2024-7463 ELSA-2024-7553

Oracle Linux: CVE-2024-47176: ELSA-2024-7346:cups-filters security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 09/26/2024 Created 11/13/2024 Added 10/16/2024 Modified 01/23/2025 Description A security issue was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer&apos;s capabilities (such as supported media sizes, resolutions, color modes, etc.). PPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way. A security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header. Solution(s) oracle-linux-upgrade-cups-filters oracle-linux-upgrade-cups-filters-devel oracle-linux-upgrade-cups-filters-libs References https://attackerkb.com/topics/cve-2024-47176 CVE - 2024-47176 ELSA-2024-7346 ELSA-2024-7463 ELSA-2024-7553

CUPS IPP Attributes LAN Remote Code Execution Disclosed 09/26/2024 Created 11/22/2024 Description This module exploits vulnerabilities in OpenPrinting CUPS, which is running by default on most Linux distributions. The vulnerabilities allow an attacker on the LAN to advertise a malicious printer that triggers remote code execution when a victim sends a print job to the malicious printer. Successful exploitation requires user interaction, but no CUPS services need to be reachable via accessible ports. Code execution occurs in the context of the lp user. Affected versions are cups-browsed <= 2.0.1, libcupsfilters <= 2.1b1, libppd <= 2.1b1, and cups-filters <= 2.0.1. Author(s) Simone Margaritelli Rick de Jager David Batley Spencer McIntyre RageLtMan <rageltman@sempervictus> Ryan Emmons Platform Linux,Unix Architectures cmd Development Source Code History

Alma Linux: CVE-2024-47176: Important: cups-filters security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/26/2024 Created 10/01/2024 Added 09/30/2024 Modified 10/04/2024 Description CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to. Solution(s) alma-upgrade-cups-filters alma-upgrade-cups-filters-devel alma-upgrade-cups-filters-libs References https://attackerkb.com/topics/cve-2024-47176 CVE - 2024-47176 https://errata.almalinux.org/8/ALSA-2024-7463.html https://errata.almalinux.org/9/ALSA-2024-7346.html

CUPS: CVE-2024-47176: Unvalidated UDP Binds Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 09/26/2024 Created 09/27/2024 Added 09/26/2024 Modified 09/30/2024 Description Affecting cups-browsed less than or equal to 2.0.1: binds on UDP INADDR_ANY:631 trusting any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker controlled URL. Solution(s) misc-no-solution-exists References https://attackerkb.com/topics/cve-2024-47176 CVE - 2024-47176 https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/