USN-6921-2

Details

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. (CVE-2024-25742)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

DMA engine subsystem;
HID subsystem;
I2C subsystem;
PHY drivers;
TTY drivers;
IPv4 networking; (CVE-2024-35997, CVE-2024-36016, CVE-2024-35990, CVE-2024-35984, CVE-2024-35992, CVE-2024-36008)

Affected Packages

Ubuntu:24.04:LTSlinux-lowlatency

Fixed in:

6.8.0-39.39.1

References

REPORThttps://ubuntu.com/security/CVE-2024-25742 REPORThttps://ubuntu.com/security/CVE-2024-35984 REPORThttps://ubuntu.com/security/CVE-2024-35990 REPORThttps://ubuntu.com/security/CVE-2024-35992 REPORThttps://ubuntu.com/security/CVE-2024-35997 REPORThttps://ubuntu.com/security/CVE-2024-36008 REPORThttps://ubuntu.com/security/CVE-2024-36016 ADVISORYhttps://ubuntu.com/security/notices/USN-6921-2

USN-6921-2

Details

Affected Packages

References

Upstream

Ecosystems

Timeline