The USN-6549-4 advisory outlines multiple vulnerabilities in the Linux kernel. Firstly, a race condition in the USB subsystem could be exploited by a local attacker to trigger an out-of-bounds read vulnerability, potentially leading to a denial of service.
Another flaw in the Netlink Transformation (XFRM) subsystem may allow a local privileged attacker to cause a system crash or expose sensitive information due to improper initialization of a policy data structure.
Issues in the netfilter subsystem present opportunities for local attackers to exploit validation weaknesses, leading to potential denial of service or exposure of kernel memory.
Furthermore, the QXL virtual GPU driver in the Linux kernel is susceptible to a use-after-free vulnerability, enabling a local attacker to induce a denial of service or potentially execute arbitrary code.
The IPv4 implementation flaw involves a null pointer dereference vulnerability during IP routing in certain circumstances, posing a risk of denial of service when exploited by a privileged attacker.
Additionally, the virtio ring implementation’s shortcomings could be used by a local attacker in a guest VM to crash the host system, constituting a denial of service.
Vulnerabilities in the NVMe-oF/TCP subsystem may result in a use-after-free vulnerability, potentially leading to a system crash or arbitrary code execution when exploited by a remote attacker.
Lastly, the perf subsystem is susceptible to an out-of-bounds write vulnerability, allowing a local attacker to trigger a denial of service or potentially execute arbitrary code.
