USN-6972-2

Advisory lineage Upstream: 36 Downstream: 0
Published: 22 Aug 2024, 12:11
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

22 Aug 2024, 12:11
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

linux-aws, linux-aws-hwe vulnerabilities Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-22099) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-24860) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SuperH RISC architecture; - User-Mode Linux (UML); - GPU drivers; - MMC subsystem; - Network drivers; - PHY drivers; - Pin controllers subsystem; - Xen hypervisor drivers; - GFS2 file system; - Core kernel; - Bluetooth subsystem; - IPv4 networking; - IPv6 networking; - HD-audio driver; - ALSA SH drivers; (CVE-2024-26903, CVE-2024-35835, CVE-2023-52644, CVE-2024-39292, CVE-2024-36940, CVE-2024-26600, CVE-2023-52629, CVE-2024-35955, CVE-2023-52760, CVE-2023-52806, CVE-2024-39484, CVE-2024-26679, CVE-2024-26654, CVE-2024-36901, CVE-2024-26687, CVE-2023-52470)

Affected Systems

  • ubuntulinux-aws

    < 4.15.0-1172.185

  • ubuntulinux-aws-hwe

    < 4.15.0-1172.185~16.04.1

References (19)