USN-7019-1: Linux kernel vulnerabilities

Ziming Zhang discovered a vulnerability in the DRM driver for VMware Virtual GPUs which allows a local attacker to cause a denial of service by triggering a NULL pointer dereference (CVE-2022-38096).

Gui-Dong Han identified a race condition in the Linux kernel's software RAID driver, leading to an integer overflow that could allow a privileged attacker to cause a system crash (CVE-2024-23307).

In addition, Chenyuan Yang found multiple vulnerabilities, including a use-after-free in the CEC driver (CVE-2024-23848), a size validation issue in the Unsorted Block Images subsystem (CVE-2024-25739), and improper checks before device write operations in the USB Gadget subsystem (CVE-2024-25741), each of which could potentially allow an attacker to cause a denial of service or execute arbitrary code.

A race condition in the Bluetooth subsystem (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) when modifying settings through debugfs can also allow a privileged local attacker to cause a denial of service.

The affected subsystems are wide-ranging: they include drivers such as the Xceive XC4000 silicon tuner (CVE-2024-24861), span architectures such as ARM32, ARM64, and MIPS, and cover components from Bluetooth drivers to file systems like JFS (CVE-2024-40902).

To learn more about these vulnerabilities and how to secure your systems, visit LinuxPatch.com.