Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-6999-1
HistorySep 11, 2024 - 2:36 p.m.

linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-oem-6.8, linux-oracle vulnerabilities

2024-09-1114:36:17
Google
osv.dev
4
linux kernel vulnerabilities
cec driver
jfs file system
arm64 architecture
mips architecture
pa-risc architecture
powerpc architecture
risc-v architecture
x86 architecture
block layer subsystem
acpi drivers
drivers core
null block device driver
character device driver
tpm device driver
clock framework and drivers
cpu frequency scaling framework
hardware crypto device drivers
cxl (compute express link) drivers
buffer sharing and synchronization framework
and more

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

JSON

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)

It was discovered that the JFS file system contained an out-of-bounds read
vulnerability when printing xattr debug information. A local attacker could
use this to cause a denial of service (system crash). (CVE-2024-40902)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:

  • ARM64 architecture;
  • MIPS architecture;
  • PA-RISC architecture;
  • PowerPC architecture;
  • RISC-V architecture;
  • x86 architecture;
  • Block layer subsystem;
  • ACPI drivers;
  • Drivers core;
  • Null block device driver;
  • Character device driver;
  • TPM device driver;
  • Clock framework and drivers;
  • CPU frequency scaling framework;
  • Hardware crypto device drivers;
  • CXL (Compute Express Link) drivers;
  • Buffer Sharing and Synchronization framework;
  • DMA engine subsystem;
  • EFI core;
  • FPGA Framework;
  • GPU drivers;
  • Greybus drivers;
  • HID subsystem;
  • HW tracing;
  • I2C subsystem;
  • IIO subsystem;
  • InfiniBand drivers;
  • Input Device (Mouse) drivers;
  • Mailbox framework;
  • Media drivers;
  • Microchip PCI driver;
  • VMware VMCI Driver;
  • Network drivers;
  • PCI subsystem;
  • x86 platform drivers;
  • PTP clock framework;
  • S/390 drivers;
  • SCSI drivers;
  • SoundWire subsystem;
  • Sonic Silicon Backplane drivers;
  • Greybus lights staging drivers;
  • Thermal drivers;
  • TTY drivers;
  • USB subsystem;
  • VFIO drivers;
  • Framebuffer layer;
  • Watchdog drivers;
  • 9P distributed file system;
  • BTRFS file system;
  • File systems infrastructure;
  • Ext4 file system;
  • F2FS file system;
  • JFS file system;
  • Network file system server daemon;
  • NILFS2 file system;
  • NTFS3 file system;
  • SMB network file system;
  • Tracing file system;
  • Tracing infrastructure;
  • io_uring subsystem;
  • Core kernel;
  • BPF subsystem;
  • Kernel debugger infrastructure;
  • DMA mapping infrastructure;
  • IRQ subsystem;
  • Memory management;
  • 9P file system network protocol;
  • Amateur Radio drivers;
  • B.A.T.M.A.N. meshing protocol;
  • Ethernet bridge;
  • Networking core;
  • Ethtool driver;
  • IPv4 networking;
  • IPv6 networking;
  • MAC80211 subsystem;
  • Multipath TCP;
  • Netfilter;
  • NET/ROM layer;
  • NFC subsystem;
  • Network traffic control;
  • Sun RPC protocol;
  • TIPC protocol;
  • TLS protocol;
  • Unix domain sockets;
  • Wireless networking;
  • XFRM subsystem;
  • AppArmor security module;
  • Integrity Measurement Architecture(IMA) framework;
  • Landlock security;
  • Linux Security Modules (LSM) Framework;
  • SELinux security module;
  • Simplified Mandatory Access Control Kernel framework;
  • ALSA framework;
  • HD-audio driver;
  • SOF drivers;
  • KVM core;
    (CVE-2024-40911, CVE-2024-37356, CVE-2024-40935, CVE-2024-40944,
    CVE-2024-41003, CVE-2024-40990, CVE-2024-40952, CVE-2024-40940,
    CVE-2024-40930, CVE-2024-40985, CVE-2024-40941, CVE-2024-38630,
    CVE-2024-39466, CVE-2024-40933, CVE-2024-38624, CVE-2024-40924,
    CVE-2024-40945, CVE-2024-40899, CVE-2024-38622, CVE-2024-40979,
    CVE-2024-36484, CVE-2024-41004, CVE-2024-39474, CVE-2022-48772,
    CVE-2024-36244, CVE-2024-38664, CVE-2024-40925, CVE-2024-40980,
    CVE-2024-39480, CVE-2024-36270, CVE-2024-40936, CVE-2024-40904,
    CVE-2024-38635, CVE-2024-40927, CVE-2024-36481, CVE-2024-40929,
    CVE-2024-40958, CVE-2024-36978, CVE-2024-40992, CVE-2024-40908,
    CVE-2024-39504, CVE-2024-41001, CVE-2024-40967, CVE-2023-52884,
    CVE-2024-40997, CVE-2024-40903, CVE-2024-40913, CVE-2024-34030,
    CVE-2024-39473, CVE-2024-40966, CVE-2024-40951, CVE-2024-40902,
    CVE-2024-40982, CVE-2024-40923, CVE-2024-39467, CVE-2024-40910,
    CVE-2024-40909, CVE-2024-39463, CVE-2024-40974, CVE-2024-41002,
    CVE-2024-39464, CVE-2024-39496, CVE-2024-41040, CVE-2024-39469,
    CVE-2024-39500, CVE-2024-39510, CVE-2024-38627, CVE-2024-32936,
    CVE-2024-40975, CVE-2024-38390, CVE-2024-40959, CVE-2024-41006,
    CVE-2024-40986, CVE-2024-40987, CVE-2024-40922, CVE-2024-40983,
    CVE-2024-37354, CVE-2024-38637, CVE-2024-39277, CVE-2024-40943,
    CVE-2024-39371, CVE-2024-40921, CVE-2024-40953, CVE-2024-38634,
    CVE-2024-38659, CVE-2024-39492, CVE-2024-40976, CVE-2024-40906,
    CVE-2024-40965, CVE-2024-38667, CVE-2024-39498, CVE-2024-38628,
    CVE-2024-38661, CVE-2024-38663, CVE-2024-40998, CVE-2024-40948,
    CVE-2024-38306, CVE-2024-40928, CVE-2024-39468, CVE-2024-39494,
    CVE-2024-39505, CVE-2024-40963, CVE-2024-39499, CVE-2024-39506,
    CVE-2024-40995, CVE-2024-39491, CVE-2024-40900, CVE-2024-39478,
    CVE-2024-39490, CVE-2024-39291, CVE-2024-40981, CVE-2024-40926,
    CVE-2024-40939, CVE-2024-38385, CVE-2024-39483, CVE-2024-40989,
    CVE-2024-40955, CVE-2024-39501, CVE-2024-38381, CVE-2024-33621,
    CVE-2024-40964, CVE-2024-42148, CVE-2024-36286, CVE-2024-38629,
    CVE-2024-39509, CVE-2024-39298, CVE-2024-36489, CVE-2024-34777,
    CVE-2024-40957, CVE-2024-40919, CVE-2024-39462, CVE-2024-39495,
    CVE-2024-39497, CVE-2024-38636, CVE-2024-36281, CVE-2024-39479,
    CVE-2024-40932, CVE-2024-36288, CVE-2024-38623, CVE-2024-40969,
    CVE-2024-40931, CVE-2024-36971, CVE-2024-40934, CVE-2024-36015,
    CVE-2024-39485, CVE-2024-40996, CVE-2024-39507, CVE-2024-36973,
    CVE-2024-38625, CVE-2024-39301, CVE-2024-34027, CVE-2024-37026,
    CVE-2024-40960, CVE-2024-37078, CVE-2024-40912, CVE-2024-40988,
    CVE-2024-41005, CVE-2024-39276, CVE-2024-38662, CVE-2024-39502,
    CVE-2024-36479, CVE-2024-40947, CVE-2024-38780, CVE-2024-38388,
    CVE-2024-40917, CVE-2024-36974, CVE-2024-40970, CVE-2024-40901,
    CVE-2024-38384, CVE-2024-39475, CVE-2024-40949, CVE-2024-37021,
    CVE-2024-38633, CVE-2024-39503, CVE-2024-41000, CVE-2024-33847,
    CVE-2024-35247, CVE-2024-40968, CVE-2024-33619, CVE-2024-38619,
    CVE-2024-40984, CVE-2024-36478, CVE-2024-39493, CVE-2024-42078,
    CVE-2024-40954, CVE-2024-40978, CVE-2024-39508, CVE-2024-40915,
    CVE-2024-39489, CVE-2024-40920, CVE-2024-38618, CVE-2024-40938,
    CVE-2024-39296, CVE-2024-40962, CVE-2024-39470, CVE-2024-39481,
    CVE-2024-40977, CVE-2024-38621, CVE-2024-40971, CVE-2024-31076,
    CVE-2024-36972, CVE-2024-39471, CVE-2024-40994, CVE-2024-40973,
    CVE-2024-40916, CVE-2024-40942, CVE-2024-40956, CVE-2024-39465,
    CVE-2024-40914, CVE-2024-40937, CVE-2024-40918, CVE-2024-40905,
    CVE-2024-39488, CVE-2024-38632, CVE-2024-39461, CVE-2024-40999,
    CVE-2024-40972, CVE-2024-36477, CVE-2024-40961)

References

Related

nessus 38
osv 28
openvas 19
oraclelinux 7
photon 2
amazon 2
ubuntu 6
redhat 2
redhatcve 16
cvelist 14
ubuntucve 14
nvd 12
vulnrichment 11
cbl_mariner 6
debiancve 17
cve 5
nessus
nessus
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6999-1)
2024-09-11 00:00:00
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-7005-2)
2024-09-13 00:00:00
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-7004-1)
2024-09-12 00:00:00
osv
osv
linux-azure vulnerabilities
2024-09-12 13:23:45
linux-nvidia, linux-nvidia-lowlatency vulnerabilities
2024-09-12 13:47:54
linux-nvidia-6.8 vulnerabilities
2024-09-13 11:22:12
openvas
openvas
Ubuntu: Security Advisory (USN-7005-2)
2024-09-16 00:00:00
Ubuntu: Security Advisory (USN-7005-1)
2024-09-13 00:00:00
Ubuntu: Security Advisory (USN-7004-1)
2024-09-13 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2024-08-12 00:00:00
Unbreakable Enterprise kernel-container security update
2024-08-12 00:00:00
Unbreakable Enterprise kernel security update
2024-08-12 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0769
2024-06-28 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0640
2024-06-26 00:00:00
amazon
amazon
Important: kernel
2024-08-01 03:01:00
Medium: kernel
2024-08-14 19:05:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-08-08 00:00:00
Linux kernel (Raspberry Pi) vulnerabilities
2024-08-22 00:00:00
Linux kernel (Azure) vulnerabilities
2024-08-14 00:00:00
redhat
redhat
(RHSA-2024:6268) Moderate: kernel-rt security update
2024-09-04 00:06:53
(RHSA-2024:6267) Moderate: kernel security update
2024-09-04 00:06:41
redhatcve
redhatcve
CVE-2024-39481
2024-07-05 12:51:15
CVE-2024-40913
2024-07-16 15:05:29
CVE-2024-40910
2024-07-16 15:05:19
cvelist
cvelist
CVE-2024-40949 mm: shmem: fix getting incorrect lruvec when replacing a shmem folio
2024-07-12 12:31:54
CVE-2024-32936 media: ti: j721e-csi2rx: Fix races while restarting DMA
2024-06-24 13:56:48
CVE-2024-40933 iio: temperature: mlx90635: Fix ERR_PTR dereference in mlx90635_probe()
2024-07-12 12:25:11
ubuntucve
ubuntucve
CVE-2024-40952
2024-07-12 00:00:00
CVE-2024-40930
2024-07-12 00:00:00
CVE-2024-40917
2024-07-12 00:00:00
nvd
nvd
CVE-2024-40986
2024-07-12 13:15:20
CVE-2024-41003
2024-07-12 13:15:21
CVE-2024-40917
2024-07-12 13:15:14
vulnrichment
vulnrichment
CVE-2024-40965 i2c: lpi2c: Avoid calling clk_get_rate during transfer
2024-07-12 12:32:05
CVE-2024-39491 ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance
2024-07-10 07:14:10
CVE-2024-40951 ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()
2024-07-12 12:31:55
cbl_mariner
cbl_mariner
CVE-2024-38664 affecting package kernel for versions less than 6.6.35.1-4
2024-08-14 20:43:58
CVE-2024-40997 affecting package kernel for versions less than 6.6.47.1-1
2024-08-27 05:08:14
CVE-2024-39485 affecting package kernel for versions less than 5.15.164.1-1
2024-08-20 21:54:44
debiancve
debiancve
CVE-2024-40926
2024-07-12 13:15:15
CVE-2024-40992
2024-07-12 13:15:20
CVE-2024-40920
2024-07-12 13:15:15
cve
cve
CVE-2024-40952
2024-07-12 13:15:17
CVE-2024-40930
2024-07-12 13:15:15
CVE-2024-40918
2024-07-12 13:15:14

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

JSON
Related for OSV:USN-6999-1
nessus38osv28openvas19oraclelinux7photon2amazon2ubuntu6redhat2redhatcve16cvelist14ubuntucve14nvd12vulnrichment11cbl_mariner6debiancve17cve5