USN-7007-2

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848)

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. (CVE-2024-25741)

It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-40902)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

• ARM64 architecture;
• M68K architecture;
• MIPS architecture;
• PowerPC architecture;
• RISC-V architecture;
• x86 architecture;
• Block layer subsystem;
• Cryptographic API;
• Accessibility subsystem;
• ACPI drivers;
• Serial ATA and Parallel ATA drivers;
• Drivers core;
• Bluetooth drivers;
• Character device driver;
• CPU frequency scaling framework;
• Hardware crypto device drivers;
• Buffer Sharing and Synchronization framework;
• DMA engine subsystem;
• FPGA Framework;
• GPIO subsystem;
• GPU drivers;
• Greybus drivers;
• HID subsystem;
• HW tracing;
• I2C subsystem;
• IIO subsystem;
• InfiniBand drivers;
• Input Device (Mouse) drivers;
• Macintosh device drivers;
• Multiple devices driver;
• Media drivers;
• VMware VMCI Driver;
• Network drivers;
• Near Field Communication (NFC) drivers;
• NVME drivers;
• Pin controllers subsystem;
• PTP clock framework;
• S/390 drivers;
• SCSI drivers;
• SoundWire subsystem;
• Greybus lights staging drivers;
• Media staging drivers;
• Thermal drivers;
• TTY drivers; -...