USN-6819-3

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536)

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849)

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

• ARM64 architecture;
• PowerPC architecture;
• RISC-V architecture;
• S390 architecture;
• Core kernel;
• x86 architecture;
• Block layer subsystem;
• Cryptographic API;
• ACPI drivers;
• Android drivers;
• Drivers core;
• Power management core;
• Bus devices;
• Device frequency scaling framework;
• DMA engine subsystem;
• EDAC drivers;
• ARM SCMI message protocol;
• GPU drivers;
• IIO ADC drivers;
• InfiniBand drivers;
• IOMMU subsystem;
• Media drivers;
• Multifunction device drivers;
• MTD block device drivers;
• Network drivers;
• NVME drivers;
• Device tree and open firmware driver;
• PCI driver for MicroSemi Switchtec;
• Power supply drivers;
• RPMSG subsystem;
• SCSI drivers;
• QCOM SoC drivers;
• SPMI drivers;
• Thermal drivers;
• TTY drivers;
• VFIO drivers;
• BTRFS file system;
• Ceph distributed file system;
• EFI Variable file system;
• EROFS file system;
• Ext4 file system;
• F2FS file system;
• GFS2 file system;
• JFS...