Ubuntu update for linux



Risk: Medium
Patch available: YES
Number of vulnerabilities: 48
CVE-ID: CVE-2024-23849
CVE-2024-26696
CVE-2023-52583
CVE-2024-26720
CVE-2023-52615
CVE-2023-52599
CVE-2023-52587
CVE-2024-26635
CVE-2024-26704
CVE-2024-26625
CVE-2024-26825
CVE-2023-52622
CVE-2023-52435
CVE-2023-52617
CVE-2023-52598
CVE-2024-26645
CVE-2023-52619
CVE-2024-26593
CVE-2024-26685
CVE-2023-52602
CVE-2023-52486
CVE-2024-26697
CVE-2024-26675
CVE-2024-26600
CVE-2023-52604
CVE-2024-26664
CVE-2024-26606
CVE-2023-52594
CVE-2024-26671
CVE-2024-26598
CVE-2024-26673
CVE-2024-26920
CVE-2024-26722
CVE-2023-52601
CVE-2024-26602
CVE-2023-52637
CVE-2023-52623
CVE-2024-26702
CVE-2023-52597
CVE-2024-26684
CVE-2023-52606
CVE-2024-26679
CVE-2024-26663
CVE-2024-26910
CVE-2024-26615
CVE-2023-52595
CVE-2023-52607
CVE-2024-26636
CWE-ID: CWE-193
CWE-667
CWE-369
CWE-119
CWE-908
CWE-415
CWE-416
CWE-401
CWE-399
CWE-682
CWE-125
CWE-362
CWE-200
CWE-20
CWE-476
CWE-400
CWE-254
CWE-388
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
Ubuntu (operating system)
linux-image-raspi (Ubuntu package)
linux-image-gkeop (Ubuntu package)
linux-image-gcp-lts-20.04 (Ubuntu package)
linux-image-ibm-lts-20.04 (Ubuntu package)
linux-image-xilinx-zynqmp (Ubuntu package)
linux-image-virtual (Ubuntu package)
linux-image-raspi2 (Ubuntu package)
linux-image-oracle-lts-20.04 (Ubuntu package)
linux-image-oem-osp1 (Ubuntu package)
linux-image-oem (Ubuntu package)
linux-image-lowlatency (Ubuntu package)
linux-image-kvm (Ubuntu package)
linux-image-gkeop-5.4 (Ubuntu package)
linux-image-generic-lpae (Ubuntu package)
linux-image-generic (Ubuntu package)
linux-image-azure-lts-20.04 (Ubuntu package)
linux-image-aws-lts-20.04 (Ubuntu package)
linux-image-5.4.0-181-lowlatency (Ubuntu package)
linux-image-5.4.0-181-generic-lpae (Ubuntu package)
linux-image-5.4.0-181-generic (Ubuntu package)
linux-image-5.4.0-1129-azure (Ubuntu package)
linux-image-5.4.0-1128-gcp (Ubuntu package)
linux-image-5.4.0-1124-aws (Ubuntu package)
linux-image-5.4.0-1123-oracle (Ubuntu package)
linux-image-5.4.0-1112-kvm (Ubuntu package)
linux-image-5.4.0-1108-raspi (Ubuntu package)
linux-image-5.4.0-1091-gkeop (Ubuntu package)
linux-image-5.4.0-1071-ibm (Ubuntu package)
linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package)
linux-image-5.4.0-1036-iot (Ubuntu package)
linux-image-lowlatency-hwe-18.04 (Ubuntu package)
linux-image-virtual-hwe-18.04 (Ubuntu package)
linux-image-snapdragon-hwe-18.04 (Ubuntu package)
linux-image-generic-hwe-18.04 (Ubuntu package)
linux-image-raspi-hwe-18.04 (Ubuntu package)
linux-image-ibm (Ubuntu package)
linux-image-aws (Ubuntu package)
linux-image-gcp (Ubuntu package)
linux-image-azure (Ubuntu package)
linux-image-oracle (Ubuntu package)

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 48 vulnerabilities.

1) Off-by-one

EUVDB-ID: #VU86019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-23849

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the rds_recv_track_latency() function in net/rds/af_rds.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper locking

EUVDB-ID: #VU90795

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26696

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_page_mkwrite() function in fs/nilfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU90802

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52583

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Division by zero

EUVDB-ID: #VU91379

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26720

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU90798

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52615

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU88105

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52599

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper locking

EUVDB-ID: #VU91541

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52587

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use of uninitialized resource

EUVDB-ID: #VU90880

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26635

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Double free

EUVDB-ID: #VU90929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26704

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU87344

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26625

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory leak

EUVDB-ID: #VU93765

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26825

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nci_free_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU93471

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52622

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU87748

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52435

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.


Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU93474

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52617

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU93864

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52598

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Incorrect calculation

EUVDB-ID: #VU93762

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26645

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the __tracing_map_insert() function in kernel/trace/tracing_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU93668

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52619

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU89250

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26593

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the i801_block_transaction_by_block() function in drivers/i2c/busses/i2c-i801.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Race condition

EUVDB-ID: #VU91481

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26685

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU89254

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52602

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU90801

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52486

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking in drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Information disclosure

EUVDB-ID: #VU91365

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26697

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the nilfs_prepare_segment_for_recovery(), nilfs_recovery_copy_block() and nilfs_recover_dsync_blocks() functions in fs/nilfs2/recovery.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU90858

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26675

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU89249

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26600

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU90342

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52604

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds read

EUVDB-ID: #VU90335

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26664

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the create_core_data() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU89247

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26606

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the binder_enqueue_thread_work_ilocked() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Out-of-bounds read

EUVDB-ID: #VU90343

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52594

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer overflow

EUVDB-ID: #VU92977

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26671

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU90262

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26598

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Input validation error

EUVDB-ID: #VU94118

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26673

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU93805

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26920

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper locking

EUVDB-ID: #VU90793

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26722

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rt5645_jack_detect_work() function in sound/soc/codecs/rt5645.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Buffer overflow

EUVDB-ID: #VU88103

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52601

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in fs/jfs/jfs_dmap.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Resource exhaustion

EUVDB-ID: #VU87499

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26602

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU90218

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52637

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the j1939_sk_match_dst(), j1939_sk_match_filter(), j1939_sk_init() and j1939_sk_setsockopt() functions in net/can/j1939/socket.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU92046

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52623

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU91100

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26702

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rm3100_common_probe() function in drivers/iio/magnetometer/rm3100-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Security features bypass

EUVDB-ID: #VU92172

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52597

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A local privileged user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper error handling

EUVDB-ID: #VU90952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26684

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dwxgmac3_handle_dma_err(), dwxgmac3_safety_feat_config(), dwxgmac3_safety_feat_irq_status() and dwxgmac3_safety_feat_dump() functions in drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Buffer overflow

EUVDB-ID: #VU87343

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52606

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU92044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU92073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26663

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Race condition

EUVDB-ID: #VU91476

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26910

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the list_set_destroy() and list_set_same_set() functions in net/netfilter/ipset/ip_set_list_set.c, and within the ip_set_destroy_set(), ip_set_destroy(), ip_set_swap() and ip_set_fini() functions in net/netfilter/ipset/ip_set_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) NULL pointer dereference

EUVDB-ID: #VU90627

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26615

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU90803

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52595

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, and within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU90841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52607

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Input validation error

EUVDB-ID: #VU90859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26636

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-raspi (Ubuntu package): before 5.4.0.1108.138

linux-image-gkeop (Ubuntu package): before 5.4.0.1091.89

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1128.130

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1071.100

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1043.43

linux-image-virtual (Ubuntu package): before 5.4.0.181.179

linux-image-raspi2 (Ubuntu package): before 5.4.0.1108.138

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1123.116

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.181.179

linux-image-kvm (Ubuntu package): before 5.4.0.1112.108

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1091.89

linux-image-generic-lpae (Ubuntu package): before 5.4.0.181.179

linux-image-generic (Ubuntu package): before 5.4.0.181.179

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1129.123

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1124.121

linux-image-5.4.0-181-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-181-generic-lpae (Ubuntu package): before 5.4.0-181.201

linux-image-5.4.0-181-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1129-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1128-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1124-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1123-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1112-kvm (Ubuntu package): before 5.4.0-1112.119

linux-image-5.4.0-1108-raspi (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1091-gkeop (Ubuntu package): before 5.4.0-1091.95

linux-image-5.4.0-1071-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1043-xilinx-zynqmp (Ubuntu package): before 5.4.0-1043.47

linux-image-5.4.0-1036-iot (Ubuntu package): before 5.4.0-1036.37

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-raspi-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

https://ubuntu.com/security/notices/USN-6767-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate to the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


