Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability (CVE-2022-0001) were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. (CVE-2024-2201) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Hardware random number generator core; - Ext4 file system; - JFS file system; - Bluetooth subsystem; - Networking core; - IPv4 networking; - Logical Link layer; - Netlink; - Tomoyo security module; (CVE-2024-26704, CVE-2023-52615, CVE-2024-26805, CVE-2023-52604, CVE-2024-26614, CVE-2023-52602, CVE-2024-26635, CVE-2024-26622, CVE-2023-52601, CVE-2024-26801)
Continue reading...
Continue reading...
