USN-6921-1

Advisory lineage Upstream: 14 Downstream: 0
Published: 29 Jul 2024, 12:51
Last modified:03 Jun 2026, 14:03

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

29 Jul 2024, 12:51
Published
Vulnerability first disclosed
03 Jun 2026, 14:03
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia, linux-oem-6.8, linux-raspi vulnerabilities Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. (CVE-2024-25742) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - DMA engine subsystem; - HID subsystem; - I2C subsystem; - PHY drivers; - TTY drivers; - IPv4 networking; (CVE-2024-35990, CVE-2024-35997, CVE-2024-35992, CVE-2024-35984, CVE-2024-36008, CVE-2024-36016)

Affected Systems

  • ubuntulinux

    < 6.8.0-39.39

  • ubuntulinux-aws

    < 6.8.0-1012.13

  • ubuntulinux-gcp

    < 6.8.0-1011.12

  • ubuntulinux-gke

    < 6.8.0-1007.10

  • ubuntulinux-ibm

    < 6.8.0-1009.9

  • ubuntulinux-nvidia

    < 6.8.0-1010.10

  • ubuntulinux-oem-6.8

    < 6.8.0-1009.9

  • ubuntulinux-raspi

    < 6.8.0-1008.8

References (8)