{"id":"USN-7119-1","summary":"linux-iot vulnerabilities","details":"\nZiming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux\nkernel contained an integer overflow vulnerability. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2022-36402)\n\nSeveral security issues were discovered in the Linux kernel.\nAn attacker could possibly use these to compromise the system.\nThis update corrects flaws in the following subsystems:\n  - ARM64 architecture;\n  - PowerPC architecture;\n  - User-Mode Linux (UML);\n  - x86 architecture;\n  - Block layer subsystem;\n  - Cryptographic API;\n  - Android drivers;\n  - Serial ATA and Parallel ATA drivers;\n  - ATM drivers;\n  - Drivers core;\n  - CPU frequency scaling framework;\n  - Device frequency scaling framework;\n  - GPU drivers;\n  - HID subsystem;\n  - Hardware monitoring drivers;\n  - InfiniBand drivers;\n  - Input Device core drivers;\n  - Input Device (Miscellaneous) drivers;\n  - IOMMU subsystem;\n  - IRQ chip drivers;\n  - ISDN/mISDN subsystem;\n  - Modular ISDN driver;\n  - LED subsystem;\n  - Multiple devices driver;\n  - Media drivers;\n  - EEPROM drivers;\n  - VMware VMCI Driver;\n  - MMC subsystem;\n  - Network drivers;\n  - Near Field Communication (NFC) drivers;\n  - NVME drivers;\n  - Device tree and open firmware driver;\n  - Parport drivers;\n  - PCI subsystem;\n  - Pin controllers subsystem;\n  - Remote Processor subsystem;\n  - S/390 drivers;\n  - SCSI drivers;\n  - QCOM SoC drivers;\n  - Direct Digital Synthesis drivers;\n  - TTY drivers;\n  - Userspace I/O drivers;\n  - DesignWare USB3 driver;\n  - USB Gadget drivers;\n  - USB Host Controller drivers;\n  - USB Serial drivers;\n  - USB Type-C Connector System Software Interface driver;\n  - USB over IP driver;\n  - Watchdog drivers;\n  - BTRFS file system;\n  - File systems infrastructure;\n  - Ext4 file system;\n  - F2FS file system;\n  - GFS2 file system;\n  - JFS file system;\n  - NILFS2 file system;\n  - Netfilter;\n  - BPF subsystem;\n  - Core kernel;\n  - DMA mapping infrastructure;\n  - Tracing infrastructure;\n  - Radix Tree data structure library;\n  - Kernel userspace event delivery library;\n  - Objagg library;\n  - Memory management;\n  - Amateur Radio drivers;\n  - Bluetooth subsystem;\n  - CAN network layer;\n  - Networking core;\n  - Ethtool driver;\n  - IPv4 networking;\n  - IPv6 networking;\n  - IUCV driver;\n  - KCM (Kernel Connection Multiplexor) sockets driver;\n  - MAC80211 subsystem;\n  - RxRPC session sockets;\n  - Network traffic control;\n  - SCTP protocol;\n  - Sun RPC protocol;\n  - TIPC protocol;\n  - TLS protocol;\n  - Wireless networking;\n  - AppArmor security module;\n  - Integrity Measurement Architecture(IMA) framework;\n  - Simplified Mandatory Access Control Kernel framework;\n  - SoC audio core drivers;\n  - USB sound devices;\n(CVE-2024-46750, CVE-2024-43853, CVE-2024-46722, CVE-2024-42311,\nCVE-2024-46679, CVE-2023-52918, CVE-2024-42309, CVE-2024-42160,\nCVE-2024-26668, CVE-2024-42271, CVE-2024-40929, CVE-2024-46747,\nCVE-2024-41064, CVE-2024-43839, CVE-2024-46757, CVE-2024-41059,\nCVE-2024-42301, CVE-2024-46737, CVE-2024-42297, CVE-2024-41015,\nCVE-2024-43854, CVE-2024-42289, CVE-2024-41017, CVE-2024-26787,\nCVE-2024-47667, CVE-2024-46675, CVE-2024-42246, CVE-2024-46723,\nCVE-2024-46817, CVE-2024-43841, CVE-2024-26800, CVE-2024-41098,\nCVE-2022-48863, CVE-2023-52531, CVE-2024-42265, CVE-2024-46828,\nCVE-2024-41020, CVE-2024-42305, CVE-2024-46755, CVE-2024-46744,\nCVE-2024-43871, CVE-2024-43884, CVE-2024-41042, CVE-2024-43914,\nCVE-2024-43856, CVE-2024-27397, CVE-2024-26607, CVE-2024-42228,\nCVE-2024-41091, CVE-2024-26677, CVE-2024-38611, CVE-2024-43867,\nCVE-2024-46829, CVE-2021-47188, CVE-2024-46756, CVE-2024-45025,\nCVE-2024-42313, CVE-2024-44947, CVE-2024-26669, CVE-2024-47668,\nCVE-2024-44987, CVE-2024-42295, CVE-2024-42281, CVE-2024-43880,\nCVE-2024-46777, CVE-2024-46780, CVE-2024-42285, CVE-2024-26891,\nCVE-2024-46714, CVE-2024-44999, CVE-2024-41068, CVE-2024-44944,\nCVE-2024-43882, CVE-2024-27051, CVE-2024-41072, CVE-2024-46783,\nCVE-2024-46781, CVE-2024-26885, CVE-2024-46844, CVE-2024-47669,\nCVE-2024-45008, CVE-2024-46758, CVE-2024-44954, CVE-2024-45021,\nCVE-2024-42304, CVE-2024-41081, CVE-2024-46798, CVE-2024-43890,\nCVE-2024-46840, CVE-2024-44960, CVE-2024-41012, CVE-2022-48791,\nCVE-2024-43908, CVE-2024-46721, CVE-2024-43829, CVE-2024-41073,\nCVE-2024-42306, CVE-2024-46745, CVE-2024-43858, CVE-2024-47663,\nCVE-2024-46782, CVE-2024-42244, CVE-2024-41090, CVE-2024-38602,\nCVE-2024-45003, CVE-2024-35848, CVE-2024-43883, CVE-2024-46677,\nCVE-2024-42280, CVE-2024-43846, CVE-2024-47659, CVE-2024-44965,\nCVE-2024-43893, CVE-2024-26960, CVE-2024-46676, CVE-2024-45016,\nCVE-2024-46689, CVE-2024-44998, CVE-2024-44995, CVE-2024-41022,\nCVE-2024-45026, CVE-2024-46739, CVE-2024-43830, CVE-2024-42286,\nCVE-2024-26640, CVE-2024-27012, CVE-2024-45006, CVE-2024-42276,\nCVE-2024-46818, CVE-2024-39494, CVE-2024-43860, CVE-2024-41070,\nCVE-2023-52614, CVE-2024-42283, CVE-2024-44969, CVE-2024-42229,\nCVE-2024-46740, CVE-2024-44948, CVE-2024-46822, CVE-2024-46738,\nCVE-2024-36484, CVE-2024-41065, CVE-2024-46685, CVE-2024-44935,\nCVE-2024-46759, CVE-2024-42292, CVE-2024-43879, CVE-2024-42287,\nCVE-2024-42288, CVE-2024-41063, CVE-2024-41011, CVE-2024-44946,\nCVE-2024-42290, CVE-2024-38570, CVE-2024-42310, CVE-2024-46743,\nCVE-2024-43861, CVE-2024-42131, CVE-2021-47212, CVE-2024-46719,\nCVE-2024-46815, CVE-2024-26641, CVE-2024-43894, CVE-2024-44988,\nCVE-2024-42259, CVE-2024-46771, CVE-2024-46673, CVE-2024-45028,\nCVE-2024-46761, CVE-2024-41071, CVE-2024-38630, CVE-2024-43835,\nCVE-2024-46800, CVE-2024-42284)\n","modified":"2026-04-24T10:02:37.587799215Z","published":"2024-11-19T22:47:40Z","related":["UBUNTU-CVE-2021-47188","UBUNTU-CVE-2021-47212","UBUNTU-CVE-2022-36402","UBUNTU-CVE-2022-48791","UBUNTU-CVE-2022-48863","UBUNTU-CVE-2023-52531","UBUNTU-CVE-2023-52614","UBUNTU-CVE-2023-52918","UBUNTU-CVE-2024-26607","UBUNTU-CVE-2024-26640","UBUNTU-CVE-2024-26641","UBUNTU-CVE-2024-26668","UBUNTU-CVE-2024-26669","UBUNTU-CVE-2024-26677","UBUNTU-CVE-2024-26787","UBUNTU-CVE-2024-26800","UBUNTU-CVE-2024-26885","UBUNTU-CVE-2024-26891","UBUNTU-CVE-2024-26960","UBUNTU-CVE-2024-27012","UBUNTU-CVE-2024-27051","UBUNTU-CVE-2024-27397","UBUNTU-CVE-2024-35848","UBUNTU-CVE-2024-36484","UBUNTU-CVE-2024-38570","UBUNTU-CVE-2024-38602","UBUNTU-CVE-2024-38611","UBUNTU-CVE-2024-38630","UBUNTU-CVE-2024-39494","UBUNTU-CVE-2024-40929","UBUNTU-CVE-2024-41011","UBUNTU-CVE-2024-41012","UBUNTU-CVE-2024-41015","UBUNTU-CVE-2024-41017","UBUNTU-CVE-2024-41020","UBUNTU-CVE-2024-41022","UBUNTU-CVE-2024-41042","UBUNTU-CVE-2024-41059","UBUNTU-CVE-2024-41063","UBUNTU-CVE-2024-41064","UBUNTU-CVE-2024-41065","UBUNTU-CVE-2024-41068","UBUNTU-CVE-2024-41070","UBUNTU-CVE-2024-41071","UBUNTU-CVE-2024-41072","UBUNTU-CVE-2024-41073","UBUNTU-CVE-2024-41081","UBUNTU-CVE-2024-41090","UBUNTU-CVE-2024-41091","UBUNTU-CVE-2024-41098","UBUNTU-CVE-2024-42131","UBUNTU-CVE-2024-42160","UBUNTU-CVE-2024-42228","UBUNTU-CVE-2024-42229","UBUNTU-CVE-2024-42244","UBUNTU-CVE-2024-42246","UBUNTU-CVE-2024-42259","UBUNTU-CVE-2024-42265","UBUNTU-CVE-2024-42271","UBUNTU-CVE-2024-42276","UBUNTU-CVE-2024-42280","UBUNTU-CVE-2024-42281","UBUNTU-CVE-2024-42283","UBUNTU-CVE-2024-42284","UBUNTU-CVE-2024-42285","UBUNTU-CVE-2024-42286","UBUNTU-CVE-2024-42287","UBUNTU-CVE-2024-42288","UBUNTU-CVE-2024-42289","UBUNTU-CVE-2024-42290","UBUNTU-CVE-2024-42292","UBUNTU-CVE-2024-42295","UBUNTU-CVE-2024-42297","UBUNTU-CVE-2024-42301","UBUNTU-CVE-2024-42304","UBUNTU-CVE-2024-42305","UBUNTU-CVE-2024-42306","UBUNTU-CVE-2024-42309","UBUNTU-CVE-2024-42310","UBUNTU-CVE-2024-42311","UBUNTU-CVE-2024-42313","UBUNTU-CVE-2024-43829","UBUNTU-CVE-2024-43830","UBUNTU-CVE-2024-43835","UBUNTU-CVE-2024-43839","UBUNTU-CVE-2024-43841","UBUNTU-CVE-2024-43846","UBUNTU-CVE-2024-43853","UBUNTU-CVE-2024-43854","UBUNTU-CVE-2024-43856","UBUNTU-CVE-2024-43858","UBUNTU-CVE-2024-43860","UBUNTU-CVE-2024-43861","UBUNTU-CVE-2024-43867","UBUNTU-CVE-2024-43871","UBUNTU-CVE-2024-43879","UBUNTU-CVE-2024-43880","UBUNTU-CVE-2024-43882","UBUNTU-CVE-2024-43883","UBUNTU-CVE-2024-43884","UBUNTU-CVE-2024-43890","UBUNTU-CVE-2024-43893","UBUNTU-CVE-2024-43894","UBUNTU-CVE-2024-43908","UBUNTU-CVE-2024-43914","UBUNTU-CVE-2024-44935","UBUNTU-CVE-2024-44944","UBUNTU-CVE-2024-44946","UBUNTU-CVE-2024-44947","UBUNTU-CVE-2024-44948","UBUNTU-CVE-2024-44954","UBUNTU-CVE-2024-44960","UBUNTU-CVE-2024-44965","UBUNTU-CVE-2024-44969","UBUNTU-CVE-2024-44987","UBUNTU-CVE-2024-44988","UBUNTU-CVE-2024-44995","UBUNTU-CVE-2024-44998","UBUNTU-CVE-2024-44999","UBUNTU-CVE-2024-45003","UBUNTU-CVE-2024-45006","UBUNTU-CVE-2024-45008","UBUNTU-CVE-2024-45016","UBUNTU-CVE-2024-45021","UBUNTU-CVE-2024-45025","UBUNTU-CVE-2024-45026","UBUNTU-CVE-2024-45028","UBUNTU-CVE-2024-46673","UBUNTU-CVE-2024-46675","UBUNTU-CVE-2024-46676","UBUNTU-CVE-2024-46677","UBUNTU-CVE-2024-46679","UBUNTU-CVE-2024-46685","UBUNTU-CVE-2024-46689","UBUNTU-CVE-2024-46714","UBUNTU-CVE-2024-46719","UBUNTU-CVE-2024-46721","UBUNTU-CVE-2024-46722","UBUNTU-CVE-2024-46723","UBUNTU-CVE-2024-46737","UBUNTU-CVE-2024-46738","UBUNTU-CVE-2024-46739","UBUNTU-CVE-2024-46740","UBUNTU-CVE-2024-46743","UBUNTU-CVE-2024-46744","UBUNTU-CVE-2024-46745","UBUNTU-CVE-2024-46747","UBUNTU-CVE-2024-46750","UBUNTU-CVE-2024-46755","UBUNTU-CVE-2024-46756","UBUNTU-CVE-2024-46757","UBUNTU-CVE-2024-46758","UBUNTU-CVE-2024-46759","UBUNTU-CVE-2024-46761","UBUNTU-CVE-2024-46771","UBUNTU-CVE-2024-46777","UBUNTU-CVE-2024-46780","UBUNTU-CVE-2024-46781","UBUNTU-CVE-2024-46782","UBUNTU-CVE-2024-46783","UBUNTU-CVE-2024-46798","UBUNTU-CVE-2024-46800","UBUNTU-CVE-2024-46815","UBUNTU-CVE-2024-46817","UBUNTU-CVE-2024-46818","UBUNTU-CVE-2024-46822","UBUNTU-CVE-2024-46828","UBUNTU-CVE-2024-46829","UBUNTU-CVE-2024-46840","UBUNTU-CVE-2024-46844","UBUNTU-CVE-2024-47659","UBUNTU-CVE-2024-47663","UBUNTU-CVE-2024-47667","UBUNTU-CVE-2024-47668","UBUNTU-CVE-2024-47669"],"upstream":["CVE-2024-41022","CVE-2024-41071","CVE-2024-46756","CVE-2024-46757","CVE-2024-46758","UBUNTU-CVE-2024-41022","UBUNTU-CVE-2024-41071","UBUNTU-CVE-2024-46756","UBUNTU-CVE-2024-46757","UBUNTU-CVE-2024-46758"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7119-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-41022"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-41071"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-46756"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-46757"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-46758"}],"affected":[{"package":{"name":"linux-iot","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/linux-iot@5.4.0-1044.45?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.0-1044.45"}]}],"versions":["5.4.0-1001.3","5.4.0-1004.6","5.4.0-1005.7","5.4.0-1006.8","5.4.0-1009.11","5.4.0-1010.12","5.4.0-1011.13","5.4.0-1012.14","5.4.0-1013.15","5.4.0-1014.16","5.4.0-1017.18","5.4.0-1018.19","5.4.0-1019.20","5.4.0-1021.22","5.4.0-1022.23","5.4.0-1023.24","5.4.0-1024.25","5.4.0-1025.26","5.4.0-1026.27","5.4.0-1028.29","5.4.0-1029.30","5.4.0-1030.31","5.4.0-1031.32","5.4.0-1032.33","5.4.0-1033.34","5.4.0-1034.35","5.4.0-1035.36","5.4.0-1036.37","5.4.0-1037.38","5.4.0-1038.39","5.4.0-1039.40","5.4.0-1040.41","5.4.0-1041.42","5.4.0-1042.43","5.4.0-1043.44"],"ecosystem_specific":{"binaries":[{"binary_name":"linux-buildinfo-5.4.0-1044-iot","binary_version":"5.4.0-1044.45"},{"binary_name":"linux-headers-5.4.0-1044-iot","binary_version":"5.4.0-1044.45"},{"binary_name":"linux-image-5.4.0-1044-iot","binary_version":"5.4.0-1044.45"},{"binary_name":"linux-image-unsigned-5.4.0-1044-iot","binary_version":"5.4.0-1044.45"},{"binary_name":"linux-iot-headers-5.4.0-1044","binary_version":"5.4.0-1044.45"},{"binary_name":"linux-iot-tools-5.4.0-1044","binary_version":"5.4.0-1044.45"},{"binary_name":"linux-modules-5.4.0-1044-iot","binary_version":"5.4.0-1044.45"},{"binary_name":"linux-tools-5.4.0-1044-iot","binary_version":"5.4.0-1044.45"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2024-41022","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-41071","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-46756","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-46757","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-46758","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7119-1.json"}}],"schema_version":"1.7.5"}