USN-8126-1

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853)

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. (CVE-2024-36331)

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

• ARM32 architecture;
• ARM64 architecture;
• MIPS architecture;
• Nios II architecture;
• PA-RISC architecture;
• PowerPC architecture;
• RISC-V architecture;
• S390 architecture;
• Sun Sparc architecture;
• User-Mode Linux (UML);
• x86 architecture;
• Xtensa architecture;
• Block layer subsystem;
• Cryptographic API;
• Compute Acceleration Framework;
• ACPI drivers;
• Serial ATA and Parallel ATA drivers;
• ATM drivers;
• Drivers core;
• ATA over ethernet (AOE) driver;
• DRBD Distributed Replicated Block Device drivers;
• Block device driver;
• Network block device driver;
• Ublk userspace block driver;
• Bluetooth drivers;
• Bus devices;
• Hardware random number generator core;
• Character device driver;
• TPM device driver;
• Clock framework and drivers;
• Data acquisition framework and drivers;
• CPU...