Multiple Cisco Products Vulnerabilities
September 9, 2024
North Korean APT Kimsuky aka Black Banshee – Active IOCs
September 9, 2024
Severity
Medium
Analysis Summary
CVE-2024-42269 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in ip6table_nat_table_init(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-42268 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a missing lock on sync reset reload. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-43824 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by an error related to the use of cached 'epc_features' in pci_epf_test_core_init(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-42265 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by the failure to protect the fetch of ->fd[fd] in do_dup2() from mispredictions. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-43832 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by an error related to calling folio_wait_writeback() without a folio reference. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-43858 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by an array-index-out-of-bounds in diFree. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-42270 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in iptable_nat_table_init(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-42271 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in iucv_sock_close() iucv_sever_path(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-52889 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference when receiving skb during sock creation in apparmor. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-42263 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the timestamp extension. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2024-42267 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by the lack of handling for VM_FAULT_SIGSEGV in mm_fault_error(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-42269
- CVE-2024-42268
- CVE-2024-43824
- CVE-2024-42265
- CVE-2024-43832
- CVE-2024-43858
- CVE-2024-42270
- CVE-2024-42271
- CVE-2023-52889
- CVE-2024-42263
- CVE-2024-42267
Affected Vendors
Affected Products
- Linux 6.8
- Linux fdacd57c79b7
- Linux 5.15
- Linux 5e50ee27d4a5
- Linux 5.7
- Linux 84a433a40d0e
- Linux 1da177e4c3f4
- Linux 214d9bbcd3a6
- Linux 2.6.12
- Linux 3.4
- Linux 7d316b945352
- Linux 9ba0ff3e083f
- Linux 4.15
- Linux 07037db5d479
- Linux 6.0
Remediation
Refer to the Linux Kernel Git repository for patch, upgrade, or suggested workaround information.