Ubuntu update for linux
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 92 |
| CVE-ID | CVE-2024-1151 CVE-2022-0001 CVE-2024-2201 CVE-2024-23849 CVE-2023-52594 CVE-2023-52601 CVE-2024-26826 CVE-2023-52622 CVE-2024-26665 CVE-2023-52493 CVE-2023-52633 CVE-2024-26684 CVE-2024-26663 CVE-2023-52618 CVE-2023-52588 CVE-2023-52637 CVE-2024-26825 CVE-2023-52606 CVE-2024-26594 CVE-2024-26625 CVE-2024-26720 CVE-2024-26614 CVE-2023-52627 CVE-2023-52602 CVE-2024-26673 CVE-2024-26685 CVE-2023-52638 CVE-2023-52498 CVE-2023-52619 CVE-2024-26910 CVE-2024-26689 CVE-2023-52583 CVE-2024-26676 CVE-2024-26671 CVE-2024-26704 CVE-2024-26608 CVE-2024-26610 CVE-2024-26592 CVE-2023-52599 CVE-2023-52595 CVE-2024-26660 CVE-2023-52617 CVE-2024-26645 CVE-2023-52486 CVE-2023-52631 CVE-2023-52607 CVE-2023-52608 CVE-2024-26722 CVE-2024-26615 CVE-2023-52615 CVE-2024-26636 CVE-2023-52642 CVE-2023-52587 CVE-2024-26712 CVE-2024-26675 CVE-2023-52614 CVE-2024-26606 CVE-2024-26916 CVE-2024-26600 CVE-2024-26679 CVE-2024-26829 CVE-2024-26641 CVE-2023-52623 CVE-2024-26627 CVE-2024-26696 CVE-2024-26640 CVE-2024-26635 CVE-2023-52491 CVE-2024-26664 CVE-2024-26602 CVE-2023-52604 CVE-2024-26717 CVE-2023-52643 CVE-2024-26593 CVE-2023-52598 CVE-2024-26668 CVE-2023-52435 CVE-2023-52597 CVE-2024-26715 CVE-2024-26707 CVE-2023-52635 CVE-2024-26695 CVE-2024-26698 CVE-2023-52494 CVE-2024-26920 CVE-2024-26808 CVE-2023-52616 CVE-2023-52492 CVE-2024-26702 CVE-2024-26644 CVE-2023-52489 CVE-2024-26697 |
| CWE-ID | CWE-121 CWE-200 CWE-1037 CWE-193 CWE-125 CWE-119 CWE-667 CWE-399 CWE-388 CWE-476 CWE-416 CWE-401 CWE-369 CWE-20 CWE-362 CWE-415 CWE-682 CWE-269 CWE-824 CWE-908 CWE-400 CWE-190 CWE-254 CWE-825 CWE-665 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-5.15.0-106-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-106-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-106-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-fde (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-cvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle-lts-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-ibm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gkeop-5.15 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gkeop (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gke-5.15 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp-lts-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-lts-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-fde-lts-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1063-azure-fde (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1063-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-106-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-106-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1059-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1059-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1058-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1058-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1054-nvidia (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1054-ibm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1044-gkeop (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 92 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU87165
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1151
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the Open vSwitch sub-component in the Linux Kernel. A remote unauthenticated attacker can send specially crafted packets to the system. trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU61198
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0001
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Processor optimization removal or modification of security-critical code
EUVDB-ID: #VU88374
Risk: Medium
CVSSv3.1: 7.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-2201
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests and compromise the affected system.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Off-by-one
EUVDB-ID: #VU86019
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23849
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rds_recv_track_latency() function in net/rds/af_rds.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU90343
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU88103
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52601
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/jfs/jfs_dmap.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU92038
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26826
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __mptcp_retransmit_pending_data() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU93471
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU90336
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26665
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iptunnel_pmtud_build_icmpv6() function in net/ipv4/ip_tunnel_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper locking
EUVDB-ID: #VU91537
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52493
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource management error
EUVDB-ID: #VU93282
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52633
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the time_travel_update_time(), time_travel_set_start() and timer_read() functions in arch/um/kernel/time.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper error handling
EUVDB-ID: #VU90952
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26684
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dwxgmac3_handle_dma_err(), dwxgmac3_safety_feat_config(), dwxgmac3_safety_feat_irq_status() and dwxgmac3_safety_feat_dump() functions in drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU92073
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26663
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Buffer overflow
EUVDB-ID: #VU93617
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52618
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rnbd_srv_get_full_path() function in drivers/block/rnbd/rnbd-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource management error
EUVDB-ID: #VU93647
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52588
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the __clone_blkaddrs() and redirty_blocks() functions in fs/f2fs/file.c, within the set_cluster_dirty() function in fs/f2fs/compress.c. A local user can corrupt data.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU90218
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52637
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the j1939_sk_match_dst(), j1939_sk_match_filter(), j1939_sk_init() and j1939_sk_setsockopt() functions in net/can/j1939/socket.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU93765
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26825
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nci_free_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU87343
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52606
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU86813
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling SMB2 Mech Tokens. A remote attacker can send specially crafted packets to ksmbd, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU87344
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26625
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Division by zero
EUVDB-ID: #VU91379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26720
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU91320
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26614
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU90612
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52627
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the BIT() function in drivers/iio/adc/ad7091r5.c, within the BIT() and ad7091r_read_event_config() functions in drivers/iio/adc/ad7091r-base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU89254
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52602
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU94118
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26673
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Race condition
EUVDB-ID: #VU91481
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26685
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper locking
EUVDB-ID: #VU90796
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52638
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the j1939_jsk_add(), j1939_sk_recv_match(), j1939_sk_recv(), j1939_sk_errqueue() and j1939_sk_netdev_event_netdown() functions in net/can/j1939/socket.c, within the j1939_netdev_start() function in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper locking
EUVDB-ID: #VU90800
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52498
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dev_pm_skip_resume(), complete_all(), dpm_async_fn(), dpm_noirq_resume_devices(), dpm_resume_noirq(), pm_runtime_enable(), dpm_resume_early(), dpm_resume_start(), device_resume() and dpm_resume() functions in drivers/base/power/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Buffer overflow
EUVDB-ID: #VU93668
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Race condition
EUVDB-ID: #VU91476
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26910
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the list_set_destroy() and list_set_same_set() functions in net/netfilter/ipset/ip_set_list_set.c, within the ip_set_destroy_set(), ip_set_destroy(), ip_set_swap() and ip_set_fini() functions in net/netfilter/ipset/ip_set_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU90220
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26689
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper locking
EUVDB-ID: #VU90802
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU90337
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26676
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the unix_gc() function in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Buffer overflow
EUVDB-ID: #VU92977
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26671
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Double free
EUVDB-ID: #VU90929
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26704
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds read
EUVDB-ID: #VU90341
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26608
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_unsupported_event() and handle_generic_event() functions in fs/ksmbd/transport_ipc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Buffer overflow
EUVDB-ID: #VU89679
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26610
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Use-after-free
EUVDB-ID: #VU86812
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26592
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a race condition when handling TCP connect and disconnect events within the ksmbd_tcp_new_connection() function in
ksmbd. A remote non-authenticated attacker can trigger a use-after-free error and crash the kernel or execute arbitrary code on the system.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Buffer overflow
EUVDB-ID: #VU88105
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52599
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper locking
EUVDB-ID: #VU90803
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU90334
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26660
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dcn301_stream_encoder_create() function in drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Resource management error
EUVDB-ID: #VU93474
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52617
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Incorrect calculation
EUVDB-ID: #VU93762
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26645
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __tracing_map_insert() function in kernel/trace/tracing_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper locking
EUVDB-ID: #VU90801
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52486
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) NULL pointer dereference
EUVDB-ID: #VU91240
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52631
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/ntfs3/ntfs_fs.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU90841
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Resource management error
EUVDB-ID: #VU92973
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52608
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the shmem_poll_done() function in drivers/firmware/arm_scmi/shmem.c, within the rx_callback() function in drivers/firmware/arm_scmi/mailbox.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper locking
EUVDB-ID: #VU90793
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26722
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt5645_jack_detect_work() function in sound/soc/codecs/rt5645.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) NULL pointer dereference
EUVDB-ID: #VU90627
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26615
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper locking
EUVDB-ID: #VU90798
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Input validation error
EUVDB-ID: #VU90859
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Improper privilege management
EUVDB-ID: #VU93736
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52642
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the lirc_dev_exit() and rc_dev_get_from_fd() functions in drivers/media/rc/lirc_dev.c, within the lirc_prog_attach(), lirc_prog_detach() and lirc_prog_query() functions in drivers/media/rc/bpf-lirc.c. A local user can read and manipulate data.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper locking
EUVDB-ID: #VU91541
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Buffer overflow
EUVDB-ID: #VU93400
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26712
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the kasan_init_region() function in arch/powerpc/mm/kasan/kasan_init_32.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Input validation error
EUVDB-ID: #VU90858
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26675
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Buffer overflow
EUVDB-ID: #VU91315
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52614
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Resource management error
EUVDB-ID: #VU89247
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26606
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the binder_enqueue_thread_work_ilocked() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper locking
EUVDB-ID: #VU90779
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26916
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_gfx_off_ctrl() function in drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c, within the amdgpu_device_suspend() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) NULL pointer dereference
EUVDB-ID: #VU89249
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26600
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Improper locking
EUVDB-ID: #VU92044
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Memory leak
EUVDB-ID: #VU90475
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26829
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the irtoy_tx() function in drivers/media/rc/ir_toy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Access of Uninitialized Pointer
EUVDB-ID: #VU89396
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26641
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper locking
EUVDB-ID: #VU92046
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52623
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Improper locking
EUVDB-ID: #VU88101
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26627
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to improper locking when calling the scsi_host_busy() function. A local user can perform a denial of service attack.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Improper locking
EUVDB-ID: #VU90795
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26696
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_page_mkwrite() function in fs/nilfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Resource management error
EUVDB-ID: #VU89397
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26640
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use of uninitialized resource
EUVDB-ID: #VU90880
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26635
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Use-after-free
EUVDB-ID: #VU90228
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52491
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_jpeg_dec_device_run() function in drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Out-of-bounds read
EUVDB-ID: #VU90335
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26664
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the create_core_data() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Resource exhaustion
EUVDB-ID: #VU87499
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26602
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Out-of-bounds read
EUVDB-ID: #VU90342
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52604
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) NULL pointer dereference
EUVDB-ID: #VU93058
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26717
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i2c_hid_of_probe() function in drivers/hid/i2c-hid/i2c-hid-of.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Memory leak
EUVDB-ID: #VU90470
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52643
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_device_register_sysfs() function in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Out-of-bounds read
EUVDB-ID: #VU89250
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26593
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the i801_block_transaction_by_block() function in drivers/i2c/busses/i2c-i801.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Resource management error
EUVDB-ID: #VU93864
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52598
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Integer overflow
EUVDB-ID: #VU91180
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26668
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Buffer overflow
EUVDB-ID: #VU87748
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52435
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Security features bypass
EUVDB-ID: #VU92172
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52597
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) NULL pointer dereference
EUVDB-ID: #VU90608
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26715
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_gadget_suspend() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Resource management error
EUVDB-ID: #VU93206
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26707
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the send_hsr_supervision_frame() and send_prp_supervision_frame() functions in net/hsr/hsr_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Improper locking
EUVDB-ID: #VU92045
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52635
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) NULL pointer dereference
EUVDB-ID: #VU90604
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26695
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/crypto/ccp/sev-dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Race condition
EUVDB-ID: #VU91482
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26698
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the netvsc_device_remove() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Buffer overflow
EUVDB-ID: #VU91209
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52494
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mhi_del_ring_element() function in drivers/bus/mhi/host/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Buffer overflow
EUVDB-ID: #VU93805
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26920
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Expired pointer dereference
EUVDB-ID: #VU93809
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26808
CWE-ID:
CWE-825 - Expired pointer dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Improper Initialization
EUVDB-ID: #VU91556
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52616
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) NULL pointer dereference
EUVDB-ID: #VU90626
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52492
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Out-of-bounds read
EUVDB-ID: #VU91100
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26702
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rm3100_common_probe() function in drivers/iio/magnetometer/rm3100-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Improper locking
EUVDB-ID: #VU91535
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26644
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Race condition
EUVDB-ID: #VU89388
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52489
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the section_deactivate() function in mm/sparse.c. A local user can exploit the race and escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Information disclosure
EUVDB-ID: #VU91365
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26697
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the nilfs_prepare_segment_for_recovery(), nilfs_recovery_copy_block() and nilfs_recover_dsync_blocks() functions in fs/nilfs2/recovery.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-5.15.0-106-generic-lpae (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-generic (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-oracle (Ubuntu package): before 5.15.0.1059.65~20.04.1
linux-image-lowlatency-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-lowlatency-64k-hwe-20.04 (Ubuntu package): before 5.15.0.106.116~20.04.1
linux-image-gcp (Ubuntu package): before 5.15.0.1059.67~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1063.72~20.04.1.41
linux-image-azure-cvm (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-azure (Ubuntu package): before 5.15.0.1063.72~20.04.1
linux-image-virtual (Ubuntu package): before 5.15.0.106.106
linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1054.54
linux-image-nvidia (Ubuntu package): before 5.15.0.1054.54
linux-image-lowlatency-64k (Ubuntu package): before 5.15.0.106.101
linux-image-lowlatency (Ubuntu package): before 5.15.0.106.101
linux-image-kvm (Ubuntu package): before 5.15.0.1058.54
linux-image-ibm (Ubuntu package): before 5.15.0.1054.57~20.04.1
linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1044.51~20.04.1
linux-image-gkeop (Ubuntu package): before 5.15.0.1044.43
linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1058.57
linux-image-gke (Ubuntu package): before 5.15.0.1058.57
linux-image-generic-lpae (Ubuntu package): before 5.15.0.106.106
linux-image-generic-64k (Ubuntu package): before 5.15.0.106.106
linux-image-generic (Ubuntu package): before 5.15.0.106.106
linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1059.55
linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1063.61
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1063.72.41
linux-image-5.15.0-1063-azure-fde (Ubuntu package): before 5.15.0-1063.72~20.04.1.1
linux-image-5.15.0-1063-azure (Ubuntu package): before 5.15.0-1063.72~20.04.1
linux-image-5.15.0-106-lowlatency-64k (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-106-lowlatency (Ubuntu package): before 5.15.0-106.116~20.04.1
linux-image-5.15.0-1059-oracle (Ubuntu package): before 5.15.0-1059.65~20.04.1
linux-image-5.15.0-1059-gcp (Ubuntu package): before 5.15.0-1059.67~20.04.1
linux-image-5.15.0-1058-kvm (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1058-gke (Ubuntu package): before 5.15.0-1058.63
linux-image-5.15.0-1054-nvidia-lowlatency (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-nvidia (Ubuntu package): before 5.15.0-1054.55
linux-image-5.15.0-1054-ibm (Ubuntu package): before 5.15.0-1054.57~20.04.1
linux-image-5.15.0-1044-gkeop (Ubuntu package): before 5.15.0-1044.51~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6766-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
