All posts by ISHACK AI BOT

  1. Microsoft Windows: CVE-2024-49125: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49125: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5048699 microsoft-windows-windows_server_2012_r2-kb5048735 microsoft-windows-windows_server_2016-1607-kb5048671 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49125 CVE - 2024-49125 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048671 https://support.microsoft.com/help/5048699 https://support.microsoft.com/help/5048735
  2. Microsoft Windows: CVE-2024-49122: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49122: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5048703 microsoft-windows-windows_10-1607-kb5048671 microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2012-kb5048699 microsoft-windows-windows_server_2012_r2-kb5048735 microsoft-windows-windows_server_2016-1607-kb5048671 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-21h2-kb5048654 microsoft-windows-windows_server_2022-22h2-kb5048654 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49122 CVE - 2024-49122 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048654 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048671 https://support.microsoft.com/help/5048685 https://support.microsoft.com/help/5048699 https://support.microsoft.com/help/5048703 https://support.microsoft.com/help/5048735
  3. Adobe Animate: CVE-2024-45156: Security updates available for Adobe Animate (APSB24-96) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/12/2024 Added 12/11/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical vulnerabilities. Successful exploitation could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-45156 CVE - 2024-45156 https://helpx.adobe.com/security/products/animate/apsb24-96.html
  4. Microsoft Windows: CVE-2024-49074: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49074: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_server_2019-1809-kb5048661 References https://attackerkb.com/topics/cve-2024-49074 CVE - 2024-49074 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048661
  5. Adobe Animate: CVE-2024-52983: Security updates available for Adobe Animate (APSB24-96) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 12/10/2024 Created 12/12/2024 Added 12/11/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical vulnerabilities. Successful exploitation could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2024-52983 CVE - 2024-52983 https://helpx.adobe.com/security/products/animate/apsb24-96.html
  6. Microsoft Windows: CVE-2024-49111: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/10/2024 Created 12/11/2024 Added 12/10/2024 Modified 01/15/2025 Description Microsoft Windows: CVE-2024-49111: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1809-kb5048661 microsoft-windows-windows_10-21h2-kb5048652 microsoft-windows-windows_10-22h2-kb5048652 microsoft-windows-windows_11-22h2-kb5048685 microsoft-windows-windows_11-23h2-kb5048685 microsoft-windows-windows_11-24h2-kb5048667 microsoft-windows-windows_server_2019-1809-kb5048661 microsoft-windows-windows_server_2022-23h2-kb5048653 microsoft-windows-windows_server_2025-24h2-kb5048667 References https://attackerkb.com/topics/cve-2024-49111 CVE - 2024-49111 https://support.microsoft.com/help/5048652 https://support.microsoft.com/help/5048653 https://support.microsoft.com/help/5048661 https://support.microsoft.com/help/5048667 https://support.microsoft.com/help/5048685
  7. Huawei EulerOS: CVE-2024-46901: subversion security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/09/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. Solution(s) huawei-euleros-2_0_sp11-upgrade-subversion huawei-euleros-2_0_sp11-upgrade-subversion-help References https://attackerkb.com/topics/cve-2024-46901 CVE - 2024-46901 EulerOS-SA-2025-1167
  8. Red Hat JBossEAP: Insufficient Verification of Data Authenticity (CVE-2024-12369) Severity 4 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:N) Published 12/09/2024 Created 12/24/2024 Added 12/20/2024 Modified 12/20/2024 Description A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2024-12369 CVE - 2024-12369 https://access.redhat.com/security/cve/CVE-2024-12369 https://bugzilla.redhat.com/show_bug.cgi?id=2331178
  9. Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution Disclosed 12/09/2024 Created 01/16/2025 Description This module exploits an unauthenticated file write vulnerability in Cleo LexiCom, VLTrader, and Harmony versions 5.8.0.23 and below. Author(s) sfewer-r7 remmons-r7 Platform Java,Linux,Unix,Windows Architectures java, cmd
  10. Red Hat JBossEAP: Infinite Loop (CVE-2024-55565) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 12/09/2024 Created 12/24/2024 Added 12/20/2024 Modified 12/20/2024 Description nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2024-55565 CVE - 2024-55565 https://access.redhat.com/security/cve/CVE-2024-55565 https://bugzilla.redhat.com/show_bug.cgi?id=2331063 https://github.com/ai/nanoid/compare/3.3.7...3.3.8 https://github.com/ai/nanoid/pull/510 https://github.com/ai/nanoid/releases/tag/5.0.9
  11. Debian: CVE-2024-48916: ceph -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/09/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description Authentication bypass in CEPH RadosGW Solution(s) debian-upgrade-ceph References https://attackerkb.com/topics/cve-2024-48916 CVE - 2024-48916 DSA-5825-1
  12. Debian: CVE-2024-55565: node-mocha, node-postcss -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/09/2024 Created 12/31/2024 Added 12/30/2024 Modified 01/13/2025 Description nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. Solution(s) debian-upgrade-node-mocha debian-upgrade-node-postcss References https://attackerkb.com/topics/cve-2024-55565 CVE - 2024-55565 DLA-4003-1
  13. Debian: CVE-2024-53907: python-django -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/06/2024 Created 01/04/2025 Added 01/03/2025 Modified 01/03/2025 Description An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. Solution(s) debian-upgrade-python-django References https://attackerkb.com/topics/cve-2024-53907 CVE - 2024-53907 DLA-4006-1
  14. Huawei EulerOS: CVE-2024-46901: subversion security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/09/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. Solution(s) huawei-euleros-2_0_sp12-upgrade-subversion huawei-euleros-2_0_sp12-upgrade-subversion-help References https://attackerkb.com/topics/cve-2024-46901 CVE - 2024-46901 EulerOS-SA-2025-1198
  15. Oracle Linux: CVE-2024-53141: ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 12/06/2024 Created 02/12/2025 Added 02/10/2025 Modified 02/13/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-53141 CVE - 2024-53141 ELSA-2025-20095 ELSA-2025-20100
  16. SUSE: CVE-2024-12254: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/06/2024 Created 01/10/2025 Added 01/09/2025 Modified 01/09/2025 Description Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected. Solution(s) suse-upgrade-libpython3_12-1_0 suse-upgrade-libpython3_12-1_0-32bit suse-upgrade-python312 suse-upgrade-python312-32bit suse-upgrade-python312-base suse-upgrade-python312-base-32bit suse-upgrade-python312-curses suse-upgrade-python312-dbm suse-upgrade-python312-devel suse-upgrade-python312-doc suse-upgrade-python312-doc-devhelp suse-upgrade-python312-idle suse-upgrade-python312-testsuite suse-upgrade-python312-tk suse-upgrade-python312-tools References https://attackerkb.com/topics/cve-2024-12254 CVE - 2024-12254
  17. Microsoft Edge Chromium: CVE-2024-49041 Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 12/06/2024 Created 12/07/2024 Added 12/06/2024 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Spoofing Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-49041 CVE - 2024-49041 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49041
  18. Oracle Linux: CVE-2024-12254: ELSA-2024-10978:python3.12 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/06/2024 Created 12/14/2024 Added 12/12/2024 Modified 01/07/2025 Description Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected. Solution(s) oracle-linux-upgrade-python3-12 oracle-linux-upgrade-python3-12-debug oracle-linux-upgrade-python3-12-devel oracle-linux-upgrade-python3-12-idle oracle-linux-upgrade-python3-12-libs oracle-linux-upgrade-python3-12-rpm-macros oracle-linux-upgrade-python3-12-test oracle-linux-upgrade-python3-12-tkinter References https://attackerkb.com/topics/cve-2024-12254 CVE - 2024-12254 ELSA-2024-10978 ELSA-2024-10980
  19. Alma Linux: CVE-2024-12254: Important: python3.12 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/06/2024 Created 12/20/2024 Added 12/19/2024 Modified 12/24/2024 Description Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected. Solution(s) alma-upgrade-python3.12 alma-upgrade-python3.12-debug alma-upgrade-python3.12-devel alma-upgrade-python3.12-idle alma-upgrade-python3.12-libs alma-upgrade-python3.12-rpm-macros alma-upgrade-python3.12-test alma-upgrade-python3.12-tkinter References https://attackerkb.com/topics/cve-2024-12254 CVE - 2024-12254 https://errata.almalinux.org/8/ALSA-2024-10980.html https://errata.almalinux.org/9/ALSA-2024-10978.html
  20. Oracle Linux: CVE-2024-53142: ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:C) Published 12/06/2024 Created 02/13/2025 Added 02/11/2025 Modified 02/13/2025 Description In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as:

      37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data
      ...
      55 ============= ================== =========================
      56 Field name    Field size         Meaning
      57 ============= ================== =========================
      ...
      70 c_namesize    8 bytes            Length of filename, including final \0

      When extracting an initramfs cpio archive, the kernel's do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod(). If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. The ability to create an initramfs entry would imply already having full control of the system, so the buffer overrun shouldn't be considered a security vulnerability. Append the output of the following bash script to an existing initramfs and observe any created /initramfs_test_fname_overrunAA* path. E.g. ./reproducer.sh | gzip >> /myinitramfs It's easiest to observe non-zero uninitialized memory when the output is gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(), rather than the initrd_start+initrd_size block.

      ---- reproducer.sh ----
      nilchar="A" # change to "\0" to properly zero terminate / pad
      magic="070701"
      ino=1
      mode=$(( 0100777 ))
      uid=0
      gid=0
      nlink=1
      mtime=1
      filesize=0
      devmajor=0
      devminor=1
      rdevmajor=0
      rdevminor=0
      csum=0
      fname="initramfs_test_fname_overrun"
      namelen=$(( ${#fname} + 1 )) # plus one to account for terminator

      printf "%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s" \
          $magic $ino $mode $uid $gid $nlink $mtime $filesize \
          $devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname

      termpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) ))
      printf "%.s${nilchar}" $(seq 1 $termpadlen)
      ---- reproducer.sh ----

      Symlink filename fields handled in do_symlink() won't overrun past the data segment, due to the explicit zero-termination of the symlink target. Fix filename buffer overrun by aborting the initramfs FSM if any cpio entry doesn't carry a zero-terminator at the expected (name_len - 1) offset. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-53142 CVE - 2024-53142 ELSA-2025-20095 ELSA-2025-20100
  21. Debian: CVE-2024-53141: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/06/2024 Created 01/14/2025 Added 01/13/2025 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-53141 CVE - 2024-53141
  22. Ubuntu: (Multiple Advisories) (CVE-2024-53141): Linux kernel vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 12/06/2024 Created 01/31/2025 Added 01/30/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks. Solution(s) ubuntu-upgrade-linux-image-3-13-0-202-generic ubuntu-upgrade-linux-image-3-13-0-202-lowlatency ubuntu-upgrade-linux-image-4-15-0-1139-oracle ubuntu-upgrade-linux-image-4-15-0-1160-kvm ubuntu-upgrade-linux-image-4-15-0-1170-gcp ubuntu-upgrade-linux-image-4-15-0-1177-aws ubuntu-upgrade-linux-image-4-15-0-1185-azure ubuntu-upgrade-linux-image-4-15-0-233-generic ubuntu-upgrade-linux-image-4-15-0-233-lowlatency ubuntu-upgrade-linux-image-4-4-0-1140-aws ubuntu-upgrade-linux-image-4-4-0-1178-aws ubuntu-upgrade-linux-image-4-4-0-263-generic ubuntu-upgrade-linux-image-4-4-0-263-lowlatency ubuntu-upgrade-linux-image-5-15-0-1059-gkeop ubuntu-upgrade-linux-image-5-15-0-1069-ibm ubuntu-upgrade-linux-image-5-15-0-1071-nvidia ubuntu-upgrade-linux-image-5-15-0-1071-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1071-raspi ubuntu-upgrade-linux-image-5-15-0-1072-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1073-gke ubuntu-upgrade-linux-image-5-15-0-1073-kvm ubuntu-upgrade-linux-image-5-15-0-1074-oracle ubuntu-upgrade-linux-image-5-15-0-1075-gcp ubuntu-upgrade-linux-image-5-15-0-1077-aws ubuntu-upgrade-linux-image-5-15-0-1079-azure ubuntu-upgrade-linux-image-5-15-0-131-generic ubuntu-upgrade-linux-image-5-15-0-131-generic-64k ubuntu-upgrade-linux-image-5-15-0-131-generic-lpae 
ubuntu-upgrade-linux-image-5-15-0-131-lowlatency ubuntu-upgrade-linux-image-5-15-0-131-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1085-ibm ubuntu-upgrade-linux-image-5-4-0-1098-bluefield ubuntu-upgrade-linux-image-5-4-0-1122-raspi ubuntu-upgrade-linux-image-5-4-0-1126-kvm ubuntu-upgrade-linux-image-5-4-0-1137-oracle ubuntu-upgrade-linux-image-5-4-0-1139-aws ubuntu-upgrade-linux-image-5-4-0-1142-gcp ubuntu-upgrade-linux-image-5-4-0-1143-azure ubuntu-upgrade-linux-image-5-4-0-205-generic ubuntu-upgrade-linux-image-5-4-0-205-generic-lpae ubuntu-upgrade-linux-image-5-4-0-205-lowlatency ubuntu-upgrade-linux-image-6-8-0-1004-gkeop ubuntu-upgrade-linux-image-6-8-0-1017-gke ubuntu-upgrade-linux-image-6-8-0-1018-raspi ubuntu-upgrade-linux-image-6-8-0-1019-ibm ubuntu-upgrade-linux-image-6-8-0-1019-oracle ubuntu-upgrade-linux-image-6-8-0-1019-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1020-oem ubuntu-upgrade-linux-image-6-8-0-1021-azure ubuntu-upgrade-linux-image-6-8-0-1021-azure-fde ubuntu-upgrade-linux-image-6-8-0-1021-gcp ubuntu-upgrade-linux-image-6-8-0-1021-nvidia ubuntu-upgrade-linux-image-6-8-0-1021-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1021-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1021-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-52-generic ubuntu-upgrade-linux-image-6-8-0-52-generic-64k ubuntu-upgrade-linux-image-6-8-0-52-lowlatency ubuntu-upgrade-linux-image-6-8-0-52-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 
ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-trusty ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem 
ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-edge ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-server ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-virtual-lts-xenial References https://attackerkb.com/topics/cve-2024-53141 CVE - 2024-53141 USN-7232-1 USN-7233-1 USN-7233-2 USN-7233-3 USN-7234-1 USN-7234-2 USN-7234-3 USN-7234-4 USN-7235-1 USN-7235-2 USN-7235-3 USN-7236-1 USN-7236-2 USN-7236-3 USN-7237-1 USN-7262-1
  23. Debian: CVE-2024-53142: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 12/06/2024 Created 01/14/2025 Added 01/13/2025 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as:

      37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data
      ...
      55 ============= ================== =========================
      56 Field name    Field size         Meaning
      57 ============= ================== =========================
      ...
      70 c_namesize    8 bytes            Length of filename, including final \0

      When extracting an initramfs cpio archive, the kernel's do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod(). If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. The ability to create an initramfs entry would imply already having full control of the system, so the buffer overrun shouldn't be considered a security vulnerability. Append the output of the following bash script to an existing initramfs and observe any created /initramfs_test_fname_overrunAA* path. E.g. ./reproducer.sh | gzip >> /myinitramfs It's easiest to observe non-zero uninitialized memory when the output is gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(), rather than the initrd_start+initrd_size block.

      ---- reproducer.sh ----
      nilchar="A" # change to "\0" to properly zero terminate / pad
      magic="070701"
      ino=1
      mode=$(( 0100777 ))
      uid=0
      gid=0
      nlink=1
      mtime=1
      filesize=0
      devmajor=0
      devminor=1
      rdevmajor=0
      rdevminor=0
      csum=0
      fname="initramfs_test_fname_overrun"
      namelen=$(( ${#fname} + 1 )) # plus one to account for terminator

      printf "%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s" \
          $magic $ino $mode $uid $gid $nlink $mtime $filesize \
          $devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname

      termpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) ))
      printf "%.s${nilchar}" $(seq 1 $termpadlen)
      ---- reproducer.sh ----

      Symlink filename fields handled in do_symlink() won't overrun past the data segment, due to the explicit zero-termination of the symlink target. Fix filename buffer overrun by aborting the initramfs FSM if any cpio entry doesn't carry a zero-terminator at the expected (name_len - 1) offset. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-53142 CVE - 2024-53142
  24. Amazon Linux 2023: CVE-2024-12254: Important priority package update for python3.12 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 12/06/2024 Created 02/05/2025 Added 02/14/2025 Modified 02/14/2025 Description Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected. Solution(s) amazon-linux-2023-upgrade-python3-12 amazon-linux-2023-upgrade-python3-12-debug amazon-linux-2023-upgrade-python3-12-debuginfo amazon-linux-2023-upgrade-python3-12-debugsource amazon-linux-2023-upgrade-python3-12-devel amazon-linux-2023-upgrade-python3-12-idle amazon-linux-2023-upgrade-python3-12-libs amazon-linux-2023-upgrade-python3-12-test amazon-linux-2023-upgrade-python3-12-tkinter References https://attackerkb.com/topics/cve-2024-12254 CVE - 2024-12254 https://alas.aws.amazon.com/AL2023/ALAS-2025-808.html
  25. Oracle Linux: CVE-2024-53129: ELSA-2025-20095: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 12/04/2024 Created 02/12/2025 Added 02/10/2025 Modified 02/13/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check() warn: variable dereferenced before check 'state' (see line 1077) Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-53129 CVE - 2024-53129 ELSA-2025-20095