Linux Kernel Security Update Advisory (CVE-2024-39291, CVE-2024-38664, CVE-2024-38667)

Overview
 

An update has been released to address vulnerabilities in the Linux Kernel. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-39291

  • Linux Kernel Versions: ~ 6.5 (exclusive)
  • Linux Kernel Versions: 6.6 (inclusive) ~ 6.6.33 (exclusive)
  • Linux Kernel Versions: 6.9 (inclusive) ~ 6.9.4 (exclusive)
  • Linux Kernel Version: 6.10.0-rc1

 

CVE-2024-38664

  • Linux Kernel Versions: ~ 6.2 (exclusive)
  • Linux Kernel Versions: 6.6 (inclusive) ~ 6.6.33 (exclusive)
  • Linux Kernel Versions: 6.9 (inclusive) ~ 6.9.4 (exclusive)
  • Linux Kernel Version: 6.10.0-rc1

 

CVE-2024-38667

  • Linux Kernel Versions: ~ 5.7 (exclusive)
  • Linux Kernel Versions: 6.1 (inclusive) ~ 6.1.93 (exclusive)
  • Linux Kernel Versions: 6.6 (inclusive) ~ 6.6.33 (exclusive)
  • Linux Kernel Versions: 6.9 (inclusive) ~ 6.9.4 (exclusive)
  • Linux Kernel Version: 6.10.0-rc1

 

Resolved Vulnerabilities

CVE-2024-39291: Buffer overflow in the snprintf function in the Linux Kernel amdgpu driver, potentially resulting in truncated output data (7.8 High, CVSS V3.1, Date Added: 2024.06.26)

CVE-2024-38664: Potential lock warning and synchronization vulnerability due to DRM bridge registration issues in the Linux Kernel zynqmp_dpsub driver (7.8 High, CVSS V3.1, Date Added: 2024.06.26)

CVE-2024-38667: Vulnerability in the Linux Kernel RISC-V architecture in which idle threads of the secondary boot harts can be corrupted due to stack overlap with pt_regs (7.8 High, CVSS V3.1, Date Added: 2024.06.26)

 

Vulnerability Action
 

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.

 

CVE-2024-39291, CVE-2024-38664

  • Linux Kernel Versions: 6.6.33, 6.9.4, 6.10-rc1

 

CVE-2024-38667

  • Linux Kernel Versions: 6.1.93, 6.6.33, 6.9.4, 6.10-rc2

 

Referenced Sites

[1] CVE-2024-39291 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-39291#VulnChangeHistorySection

[2] CVE-2024-39291: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()

https://lore.kernel.org/linux-cve-announce/2024062432-CVE-2024-39291-be2c@gregkh/

[3] CVE-2024-38664 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-38664#VulnChangeHistorySection

[4] CVE-2024-38664: Always register bridge

https://lore.kernel.org/linux-cve-announce/2024062457-CVE-2024-38664-a9e3@gregkh/

[5] CVE-2024-38667 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-38667#VulnChangeHistorySection

[6] CVE-2024-38667: prevent pt_regs corruption for secondary idle threads

https://lore.kernel.org/linux-cve-announce/2024062431-CVE-2024-38667-83a6@gregkh/