Early Access — Mondoo Vulnerability Intelligence is currently in preview.
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service (host domain crash). (CVE-2023-46838)
It was discovered that the IPv6 implementation of the Linux kernel did not properly manage route cache memory usage. A remote attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-52340)
It was discovered that the device mapper driver in the Linux kernel did not properly validate target size during certain memory allocations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-52429, CVE-2024-23851)
Dan Carpenter discovered that the netfilter subsystem in the Linux kernel did not store data in properly sized memory locations. A local user could use this to cause a denial of service (system crash). (CVE-2024-0607)
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
5.4.0-176.1965.4.0-1122.1325.4.0-1127.1345.4.0-1082.895.4.0-1126.1355.4.0-1089.935.4.0-1069.745.4.0-1110.1175.4.0-1121.1305.4.0-1106.1185.4.0-1122.132~18.04.15.4.0-1127.134~18.04.15.4.0-1126.135~18.04.15.4.0-175.195~18.04.15.4.0-1069.74~18.04.15.4.0-1121.130~18.04.15.4.0-1106.118~18.04.1