Linux Kernel Security Update Advisory
Overview
An update has been made available to address vulnerabilities in the Linux Kernel. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-38612
- Linux Kernel Version: 4.10
CVE-2024-38616
- Linux Kernel Version: 5.17
CVE-2022-48747
- Linux Kernel Versions: 5.4 (inclusive) ~ 5.4.176 (exclusive)
- Linux Kernel Versions: 5.10 (inclusive) ~ 5.10.96 (exclusive)
- Linux Kernel Versions: 5.15 (inclusive) ~ 5.15.19 (exclusive)
- Linux Kernel Versions: 5.16 (inclusive) ~ 5.16.5 (exclusive)
- Linux Kernel Versions: ~ 5.17 (exclusive)
CVE-2023-52883
- Linux Kernel Version: 6.4
CVE-2022-48716
- Linux Kernel Version: 5.14
CVE-2022-48754
- Linux Kernel Version: 4.16
CVE-2022-48748
- Linux Kernel Version: 5.6
CVE-2024-38623
- Linux Kernel Version: 5.15
CVE-2024-38384
- Linux Kernel Version: 6.2
CVE-2021-4440
- Linux Kernel Version: 5.10.215
CVE-2024-39462
- Linux Kernel Version: 6.6
CVE-2024-38605
- Linux Kernel Version: 5.9
CVE-2024-39480
- Linux Kernel Versions: 4.19 (inclusive) ~ 4.19.316 (exclusive)
- Linux Kernel Versions: 5.4 (inclusive) ~ 5.4.278 (exclusive)
- Linux Kernel Versions: 5.10 (inclusive) ~ 5.10.219 (exclusive)
- Linux Kernel Versions: 5.15 (inclusive) ~ 5.15.161 (exclusive)
- Linux Kernel Versions: 6.1 (inclusive) ~ 6.1.94 (exclusive)
- Linux Kernel Versions: 6.6 (inclusive) ~ 6.6.34 (exclusive)
- Linux Kernel Versions: 6.9 (inclusive) ~ 6.9.5 (exclusive)
- Linux Kernel Versions: ~ 6.10-rc1 (exclusive)
CVE-2024-39479
- Linux Kernel Versions: 6.6 (inclusive) ~ 6.6.34 (exclusive)
- Linux Kernel Versions: 6.9 (inclusive) ~ 6.9.5 (exclusive)
Resolved Vulnerabilities
CVE-2024-38612: Missing genl_unregister_family() call in an error path of the IPv6 seg6_init() function in the Linux Kernel (9.8 CRITICAL, CVSS V3.1, Date Added: 2024.07.02)
CVE-2024-38616: Fortified-memset vulnerability in the carl9170 driver in the wifi module of the Linux Kernel (8.2 HIGH, CVSS V3.1, Date Added: 2024.07.02)
CVE-2022-48747: Vulnerability in the bio_truncate() function in the Linux Kernel due to incorrect offset usage, resulting in malformed data being returned (7.8 HIGH, CVSS V3.1, Date Added: 2024.07.02)
CVE-2023-52883: drm/amdgpu: NULL pointer dereference vulnerability in amdgpu_vm_bo_update, where tbo.resource can be NULL (7.5 HIGH, CVSS V3.1, Date Added: 2024.07.02)
CVE-2022-48716: ASoC: codecs: wcd938x: Structure corruption due to using a channel ID instead of a port ID in the Linux Kernel (9.8 CRITICAL, CVSS V3.1, Date Added: 2024.07.02)
CVE-2022-48754: Use-after-free vulnerability due to calling phy_device_reset() before calling put_device() in phy_detach() in the Linux Kernel (8.4 HIGH, CVSS V3.1, Date Added: 2024.07.02)
CVE-2022-48748: Memory leak vulnerability in the Network Bridge VLAN in the Linux Kernel (7.5 HIGH, CVSS V3.1, Date Added: 2024.07.02)
CVE-2024-38623: Vulnerability in fs/ntfs3: use of variable length arrays instead of fixed size arrays in the Linux Kernel (9.8 CRITICAL, CVSS V3.1, Date Added: 2024.07.02)
CVE-2024-38384: Risk of corruption in the blk-cgroup module in the Linux Kernel when the WRITE of ->lqueued is reordered with the READ of ‘bisc->lnode.next’ inside the loop in the __blkcg_rstat_flush() function (8.4 HIGH, CVSS V3.1, Date Added: 2024.07.02)
CVE-2021-4440: Vulnerability in the Xen environment on x86 architectures due to the removal of the USERGS_SYSRET64 paravirt call (8.8 HIGH, CVSS V3.1, Date Added: 2024.07.02)
CVE-2024-39462: Array index out-of-bounds vulnerability in the clk_dvp_probe() function in the Linux Kernel (9.8 CRITICAL, CVSS V3.1, Date Added: 2024.07.02)
CVE-2024-38605: Vulnerability due to NULL module pointer assignment in ALSA sound card initialization in the Linux Kernel (8.8 HIGH, CVSS V3.1, Date Added: 2024.07.02)
CVE-2024-39480: Buffer overflow in the Tab key autocomplete function in kdb in the Linux Kernel (7.8 HIGH, CVSS V3.1, Date Added: 2024.07.08)
CVE-2024-39479: Use-after-free (UAF) vulnerability in the drm/i915 driver in the Linux Kernel due to a problem with the hwmon and drvdata release order (7.8 HIGH, CVSS V3.1, Date Added: 2024.07.08)
Vulnerability Patches
Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-38612
- Linux Kernel Versions: 4.19.316, 5.4.278, 5.10.219, 5.15.161, 6.1.93, 6.6.33, 6.8.12, 6.9.3, 6.10-rc1
CVE-2024-38616
- Linux Kernel Versions: 6.1.93, 6.6.33, 6.8.12, 6.9.3, 6.10-rc1
CVE-2022-48747
- Linux Kernel Version: 5.4.176
- Linux Kernel Version: 5.10.96
- Linux Kernel Version: 5.15.19
- Linux Kernel Version: 5.16.5
- Linux Kernel Version: 5.17
CVE-2023-52883
- Linux Kernel Versions: 6.5.9, 6.6
CVE-2022-48716
- Linux Kernel Versions: 5.15.22, 5.16.8, 5.17
CVE-2022-48754
- Linux Kernel Versions: 4.19.228, 5.4.176, 5.10.96, 5.15.19, 5.16.5, 5.17
CVE-2022-48748
- Linux Kernel Versions: 5.10.96, 5.15.19, 5.16.5, 5.17
CVE-2024-38623
- Linux Kernel Versions: 5.15.161, 6.1.93, 6.6.33, 6.9.4, 6.10-rc1
CVE-2024-38384
- Linux Kernel Versions: 6.6.33, 6.9.4, 6.10-rc1
CVE-2021-4440
- Linux Kernel Version: 5.10.218
CVE-2024-39462
- Linux Kernel Versions: 6.6.34, 6.9.5, 6.10-rc1
CVE-2024-38605
- Linux Kernel Versions: 5.10.219, 5.15.161, 6.1.93, 6.6.33, 6.8.12, 6.9.3, 6.10-rc1
CVE-2024-39480
- Linux Kernel Version: 4.19.316
- Linux Kernel Version: 5.4.278
- Linux Kernel Version: 5.10.219
- Linux Kernel Version: 5.15.161
- Linux Kernel Version: 6.1.94
- Linux Kernel Version: 6.6.34
- Linux Kernel Version: 6.9.5
- Linux Kernel Version: 6.10-rc1
CVE-2024-39479
- Linux Kernel Version: 6.6.34
- Linux Kernel Version: 6.9.5
- Linux Kernel Version: 6.10-rc1
Referenced Sites
[1] CVE-2024-38612 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-38612
[2] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024061922-CVE-2024-38612-7fc1@gregkh/
[3] CVE-2024-38616 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-38616
[4] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024061923-CVE-2024-38616-5632@gregkh/
[5] CVE-2022-48747 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-48747
[6] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024062004-CVE-2022-48747-c63f@gregkh/
[7] CVE-2023-52883 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-52883
[8] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024062030-CVE-2023-52883-0069@gregkh/
[9] CVE-2022-48716 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-48716
[10] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024062055-CVE-2022-48716-7621@gregkh/
[11] CVE-2022-48754 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-48754
[12] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024062006-CVE-2022-48754-4012@gregkh/
[13] CVE-2022-48748 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-48748
[14] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024062004-CVE-2022-48748-3e75@gregkh/
[15] CVE-2024-38623 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-38623
[16] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024062139-CVE-2024-38623-7c77@gregkh/
[17] CVE-2024-38384 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-38384
[18] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024062455-CVE-2024-38384-47e5@gregkh/
[19] CVE-2021-4440 Detail
https://nvd.nist.gov/vuln/detail/CVE-2021-4440
[20] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024062506-CVE-2021-4440-f8f1@gregkh/
[21] CVE-2024-39462 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39462
[22] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39462-f5ec@gregkh/
[23] CVE-2024-38605 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-38605
[24] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024061925-CVE-2024-38605-3dc4@gregkh/
[25] CVE-2024-39480 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39480
[26] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024070519-CVE-2024-39480-b85a@gregkh/
[27] CVE-2024-39479 Detail
https://nvd.nist.gov/vuln/detail/cve-2024-39479
[28] linux-cve-announce.vger.kernel.org archive mirror
https://lore.kernel.org/linux-cve-announce/2024070519-CVE-2024-39479-5bd1@gregkh/