USN-6774-1: Linux Kernel Vulnerabilities Alert

In a recent discovery, cybersecurity researchers have unveiled multiple severe vulnerabilities across various subsystems of the Linux kernel, posing significant risks to systems worldwide. This article aims to break down the technicalities of these vulnerabilities, the potential threats they impose, and recommended actions for Linux users.

Overview of the Key Vulnerabilities

Among the primary vulnerabilities disclosed, notable ones include issues in the Broadcom FullMAC WLAN driver, Intel processor mitigations, and several core Linux subsystems such as networking and file management. Each of these vulnerabilities opens pathways that could potentially be leveraged by attackers to compromise system integrity and user data.

Broadcom WLAN Driver Issue

Zheng Wang's investigation revealed a race condition within the Broadcom FullMAC WLAN driver in the Linux kernel, tagged as CVE-2023-47233. An attacker with physical proximity could exploit this flaw to provoke a denial of service through system crashes, undermining the reliability of affected devices.

Intel Processor Mitigation Gaps

Further scrutiny by Sander Wiebing and his colleagues identified that the existing mitigations for the Branch History Injection vulnerability in Intel processors were insufficient. While the initial vulnerability was assigned CVE-2022-0001, the continuation of this issue led to the emergence of CVE-2024-2201, where a local attacker could reveal sensitive information by exploiting these gaps.

Additional Compromises in Linux Subsystems

Additionally, various other components of the Linux kernel have been compromised, including:

  • Hardware random number generator core - CVE-2024-26704
  • Ext4 and JFS file systems - CVEs 2023-52615 and 2024-26805
  • Bluetooth subsystem and networking core - CVEs 2023-52604 and 2024-26614
  • IP networking and other related layers - CVEs 2023-52602, 2024-26635, and 2024-26622
  • Security modules like Tomoyo - CVEs 2023-52601 and 2024-26801

Recommended Actions for Linux Users

For users and administrators of Linux systems, it's crucial to apply security patches and updates released by the Linux community in a timely manner. Staying informed through official security bulletins and rigorous system monitoring can critically diminish the chances of exploitation.


The disclosed vulnerabilities underscore the importance of regular system updates and vigilant security practices. Addressing these vulnerabilities swiftly can notably reduce potential risks.

You can find more detailed reports and patch releases at