| Description: | Summary:
The remote host is missing an update for the 'linux-raspi, linux-raspi-5.4' package(s) announced via the USN-7088-5 advisory.
Vulnerability Insight:
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the
Linux kernel contained an integer overflow vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-36402)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture,
- PowerPC architecture,
- User-Mode Linux (UML),
- x86 architecture,
- Block layer subsystem,
- Cryptographic API,
- Android drivers,
- Serial ATA and Parallel ATA drivers,
- ATM drivers,
- Drivers core,
- CPU frequency scaling framework,
- Device frequency scaling framework,
- GPU drivers,
- HID subsystem,
- Hardware monitoring drivers,
- InfiniBand drivers,
- Input Device core drivers,
- Input Device (Miscellaneous) drivers,
- IOMMU subsystem,
- IRQ chip drivers,
- ISDN/mISDN subsystem,
- LED subsystem,
- Multiple devices driver,
- Media drivers,
- EEPROM drivers,
- VMware VMCI Driver,
- MMC subsystem,
- Network drivers,
- Near Field Communication (NFC) drivers,
- NVME drivers,
- Device tree and open firmware driver,
- Parport drivers,
- PCI subsystem,
- Pin controllers subsystem,
- Remote Processor subsystem,
- S/390 drivers,
- SCSI drivers,
- QCOM SoC drivers,
- Direct Digital Synthesis drivers,
- TTY drivers,
- Userspace I/O drivers,
- DesignWare USB3 driver,
- USB Gadget drivers,
- USB Host Controller drivers,
- USB Serial drivers,
- USB Type-C Connector System Software Interface driver,
- USB over IP driver,
- BTRFS file system,
- File systems infrastructure,
- Ext4 file system,
- F2FS file system,
- JFS file system,
- NILFS2 file system,
- BPF subsystem,
- Core kernel,
- DMA mapping infrastructure,
- Tracing infrastructure,
- Radix Tree data structure library,
- Kernel userspace event delivery library,
- Objagg library,
- Memory management,
- Amateur Radio drivers,
- Bluetooth subsystem,
- CAN network layer,
- Networking core,
- Ethtool driver,
- IPv4 networking,
- IPv6 networking,
- IUCV driver,
- KCM (Kernel Connection Multiplexor) sockets driver,
- MAC80211 subsystem,
- Netfilter,
- Network traffic control,
- SCTP protocol,
- Sun RPC protocol,
- TIPC protocol,
- TLS protocol,
- Wireless networking,
- AppArmor security module,
- Simplified Mandatory Access Control Kernel framework,
- SoC audio core drivers,
- USB sound devices,
(CVE-2024-42289, CVE-2024-26640, CVE-2024-42246, CVE-2024-43914,
CVE-2024-46744, CVE-2024-45026, CVE-2024-41071, CVE-2024-43893,
CVE-2024-46689, CVE-2024-41073, CVE-2024-42292, CVE-2024-43884,
CVE-2024-42301, CVE-2024-43856, CVE-2024-46756, CVE-2024-46759,
CVE-2024-27051, CVE-2024-26668, CVE-2024-46840, CVE-2024-42306,
CVE-2024-41042, CVE-2024-45006, CVE-2024-42309, CVE-2024-26891,
CVE-2024-42283, CVE-2024-46782, CVE-2024-44948, ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'linux-raspi, linux-raspi-5.4' package(s) on Ubuntu 18.04, Ubuntu 20.04.
Solution:
Please install the updated package(s).
CVSS Score:
9.0
CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
