A safety warning issued for the Linux kernel has obtained an replace from the BSI. You can learn the way affected customers ought to behave right here.
Federal workplace for Security in Information Technology (BSI) revealed an replace on May 20, 2024 to essentially the most weak safety gap within the Linux kernel identified on April 17, 2024. The safety vulnerability impacts the Linux working system and merchandise Debian Linux, Ubuntu Linux, SUSE Linux , Oracle Linux and Open Source Linux Kernel.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Ubuntu Security Notice USN-6766-3 (From 20 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple Linux kernel vulnerabilities – Risk: medium
Risk stage: 3 (average)
CVSS Base Score: 6.6
CVSS provisional rating: 5,8
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc techniques. The CVSS customary makes it attainable to match potential or precise safety dangers primarily based on numerous standards with a purpose to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporary scores additionally take note of adjustments over time within the threat scenario. According to CVSS, the severity of the present vulnerability is rated as “average” with 6.6 foundation factors.
Linux Kernel Bug: Vulnerabilities and CVE numbers
The kernel represents the core of the Linux working system.
A neighborhood attacker can exploit many vulnerabilities within the Linux kernel to trigger a denial of service or carry out an unspecified assault.
Vulnerabilities are numbered for every product utilizing the CVE (Common Vulnerabilities and Exposures) reference system. CVE-2023-52644, CVE-2023-52645, CVE-2023-6270, CVE-2024-26829, CVE-2024-26832, CVE-2024-26833, CVE-2024-2682324, CVE-262832, CVE-26832 54, 2024-26836, CVE-2024-26837, CVE-2024-26838, CVE-2024-26839, CVE-2024-26840, CVE-2024-26841, CVE-2024-2682-204, CVE-262842 2024-2042 26844, CVE-2024-26845, CVE-2024-26846, CVE-2024-26847, CVE-2024-26848, CVE-2024-26849, CVE-2024-26850, CVE-2024-26847, CVE-2024 -20848 CVE-2024-26853, CVE-2024-26854, CVE-2024-26855, CVE-2024-26856, CVE-2024-26857, CVE-2024-26858, CVE-2024-26852, CVE-268529 2024 -26861, CVE-2024-26862, CVE-2024-26863, CVE-2024-26864, CVE-2024-26865, CVE-2024-26866, CVE-2024-2682-2062, CVE-26862628, CVE-268662, CVE-26862 -2024-26862. 26869, CVE-2024-26870, CVE-2024-26871, CVE-2024-26872, CVE-2024-26873, CVE-2024-26874, CVE-2024-26875, CVE-2024-26872, CVE-2024-26873, CVE-2024-26874, CVE-2024-26875, CVE-2024-20872 CVE-2024-26878, CVE-2024-26879, CVE-2024-26880, CVE-2024-26881, CVE-2024-26882, CVE-2024 -26883, CVE-2024-2VE2628282, CVE-26882, CVE-26882 2024-26886, CVE-2024-26887, CVE-2024-26888, CVE-2024-26889, CVE-2024-26890, CVE-2024-26891 , CVE-2024-2682-292, CVE-26892, CVE-26892, 24-26892 26894, CVE-2024-26895, CVE-2024-26896, CVE-2024-26897, CVE-2024-26898, CVE-2024-26899 , CVE-2024-26900, CVE-2024-20924, CVE-2024-2024 CVE-2024-26903, CVE-2024-26904, CVE-2024-26905, CVE-2024-26906, CVE-2024-26907 2024-26908, CVE-2024-266902, CVE-269029, CVE-2024-26909 2024-26911, CVE-2024-26912, CVE-2024-26913, CVE-2024-26914, CVE-2024-26915 24 -26916, CVE-2024-2692-2012, CVE-2691012, CVE-2691012, CVE-2024-26912, CVE-2024-269101284 26919, CVE-2024-26920 and CVE-2024-26921.
Systems affected by the safety hole at a look
working system
Linux
Products
Debian Linux (cpe:/o:debian:debian_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Open Source Linux Kernel (cpe:/o:linux:linux_kernel)
General steps for coping with IT vulnerabilities
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically accommodates further details about the most recent model of the software program in query and the provision of safety patches or efficiency ideas.
- If you’ve got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly test if IT safety alert Affected producers present a brand new safety replace.
Manufacturer details about updates, patches and workarounds
Here you will see that some hyperlinks with details about bug studies, safety fixes and workarounds.
Ubuntu Security Notice USN-6766-3 vom 2024-05-20 (20.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1659-1 vom 2024-05-15 (15.05.2024)
For extra info, see:
Ubuntu Security Notice USN-6766-2 vom 2024-05-15 (15.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15 (14.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14 (14.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14 (14.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14 (14.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1644-1 vom 2024-05-14 (14.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14 (14.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1647-1 vom 2024-05-14 (14.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14 (14.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1641-1 vom 2024-05-14 (14.05.2024)
For extra info, see:
Ubuntu Security Notice USN-6767-2 vom 2024-05-14 (13.05.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2024-12380 vom 2024-05-14 (13.05.2024)
For extra info, see:
Ubuntu Security Notice USN-6766-1 vom 2024-05-07 (07.05.2024)
For extra info, see:
Ubuntu Security Notice USN-6767-1 vom 2024-05-07 (07.05.2024)
For extra info, see:
Debian Security Advisory DSA-5681 vom 2024-05-06 (06.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1490-1 vom 2024-05-03 (02.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1480-1 vom 2024-04-30 (01.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1466-1 vom 2024-04-29 (29.04.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26 (28.04.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1322-2 vom 2024-04-18 (18.04.2024)
For extra info, see:
Linux Kernel CVE bulletins vom 2024-04-17 (17.04.2024)
For extra info, see:
Version historical past of this safety alert
This is model 12 of this Linux Kernel IT Security Notice. If additional updates are introduced, this doc might be up to date. You can examine adjustments or additions on this model historical past.
April 17, 2024 – First model
April 18, 2024 – New updates from SUSE added
April 28, 2024 – New updates from SUSE added
April 29, 2024 – New updates from SUSE added
May 1, 2024 – New updates from SUSE added
May 2, 2024 – New updates from SUSE added
05/06/2024 – New updates from Debian added
May 7, 2024 – Added new persona updates
May 13, 2024 – New Oracle Linux updates added
May 14, 2024 – New updates from SUSE added
May 15, 2024 – Added new updates from Ubuntu and SUSE
May 20, 2024 – Added new persona updates
+++ Editorial observe: This doc relies on present BSI knowledge and might be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that scorching information, present movies and a direct line to the editorial staff.
kns/roj/information.de