USN-6821-2

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270)

It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042)

It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service. (CVE-2024-0841)

Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-22099)

It was discovered that the MediaTek SoC Gigabit Ethernet driver in the Linux kernel contained a race condition when stopping the device. A local attacker could possibly use this to cause a denial of service (device unavailability). (CVE-2024-27432)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

• ARM32 architecture;
• RISC-V architecture;
• x86 architecture;
• ACPI drivers;
• Block layer subsystem;
• Clock framework and drivers;
• CPU frequency scaling framework;
• Cryptographic API;
• DMA engine subsystem;
• EFI core;
• GPU drivers;
• InfiniBand drivers;
• IOMMU subsystem;
• Multiple devices driver;
• Media drivers;
• MMC subsystem;
• Network drivers;
• NTB driver;
• NVME drivers;
• PCI subsystem;
• MediaTek PM domains;
• Power supply drivers;
• SPI subsystem;
• Media staging drivers;
• TCM subsystem;
• USB subsystem;
• Framebuffer...