Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)

It was discovered that the JFS file system contained an out-of-bounds read
vulnerability when printing xattr debug information. A local attacker could
use this to cause a denial of service (system crash). (CVE-2024-40902)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PA-RISC architecture;
- PowerPC architecture;
- RISC-V architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- Null block device driver;
- Character device driver;
- TPM device driver;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- CXL (Compute Express Link) drivers;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- EFI core;
- FPGA Framework;
- GPU drivers;
- Greybus drivers;
- HID subsystem;
- HW tracing;
- I2C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Input Device (Mouse) drivers;
- Mailbox framework;
- Media drivers;
- Microchip PCI driver;
- VMware VMCI Driver;
- MMC subsystem;
- Network drivers;
- PCI subsystem;
- x86 platform drivers;
- PTP clock framework;
- S/390 drivers;
- SCSI drivers;
- SoundWire subsystem;
- Sonic Silicon Backplane drivers;
- Greybus lights staging drivers;
- Thermal drivers;
- TTY drivers;
- USB subsystem;
- VFIO drivers;
- Framebuffer layer;
- Watchdog drivers;
- 9P distributed file system;
- BTRFS file system;
- File systems infrastructure;
- Ext4 file system;
- F2FS file system;
- JFS file system;...