Hello Linux users,

Do you fear losing your critical data or access to your Linux systems as much as I do? A new security bug has been found in the Linux kernel's dmam_free_coherent() function, threatening Linux systems with data theft and service disruption. Direct Memory Access (DMA) is an integral feature that enables hardware devices to move data directly to and from system memory without going through the CPU. However, flaws that compromise or exploit this process could lead to incorrect memory access, data corruption, unexpected behavior, or system crashes.

To help you take proactive measures to secure your systems, I'll explain:  

  • The vulnerability discovered and its impact.
  • How this flaw could be exploited.
  • Patches and solutions available to mitigate risk.

Read on to also learn about several severe security flaws recently found in Chromium that could enable attackers to access your network, steal sensitive data, install malware, and disrupt services.

If you found value in today’s newsletter, please share it with your friends! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, insightful community members who share our love for Linux and security!

Stay safe out there,

Brittany

Linux Kernel

The Discovery 

A new security bug, CVE-2024-43856, has been found in the Linux kernel's dmam_free_coherent() function. DMA (Direct Memory Access) is an integral feature that enables hardware devices to move data directly to and from system memory without going through the CPU. However, if this process becomes compromised, as with this recent flaw, it could lead to incorrect memory access, data corruption, unexpected behavior, or system crashes.


The Impact

This bug could result in data theft and service disruption, among other damaging repercussions.

The Fix

Patches have been released to remedy this critical issue. Admins should implement the updates released by their distros as soon as possible to secure their sensitive data and maintain system access. 


Chromium

The Discovery 

Multiple severe security flaws were recently discovered in Chromium, the open-source web browser project that is the basis of Chrome and many other widely used browsers. CVE-2024-7532 was identified as the most significant vulnerability; it involves out-of-bounds memory access in ANGLE (Almost Native Graphics Layer Engine). Classified as critical, this bug could enable attackers to execute arbitrary code and cause system crashes.


The Impact

These bugs could enable attackers to access your network, steal sensitive data, install malware, and disrupt services.

The Fix

Distros have released important Chromium security updates to fix these flaws. We urge you to apply these updates immediately to secure your network, systems, and data.
