Ubuntu update for linux-aws

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU61198

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-0001

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU88374

Risk: Medium

CVSSv4.0: 7.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green]

CVE-ID: CVE-2024-2201

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests and compromise the affected system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Off-by-one

EUVDB-ID: #VU86019

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-23849

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the rds_recv_track_latency() function in net/rds/af_rds.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU90343

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52594

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU88103

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52601

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in fs/jfs/jfs_dmap.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper locking

EUVDB-ID: #VU92038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26826

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __mptcp_retransmit_pending_data() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU93471

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52622

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU90336

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26665

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iptunnel_pmtud_build_icmpv6() function in net/ipv4/ip_tunnel_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU91537

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52493

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU93282

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52633

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the time_travel_update_time(), time_travel_set_start() and timer_read() functions in arch/um/kernel/time.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper error handling

EUVDB-ID: #VU90952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26684

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dwxgmac3_handle_dma_err(), dwxgmac3_safety_feat_config(), dwxgmac3_safety_feat_irq_status() and dwxgmac3_safety_feat_dump() functions in drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU92073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26663

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Buffer overflow

EUVDB-ID: #VU93617

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52618

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rnbd_srv_get_full_path() function in drivers/block/rnbd/rnbd-srv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU93647

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52588

Exploit availability: No

Description

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to improper management of internal resources within the __clone_blkaddrs() and redirty_blocks() functions in fs/f2fs/file.c, within the set_cluster_dirty() function in fs/f2fs/compress.c. A local user can corrupt data.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU90218

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52637

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the j1939_sk_match_dst(), j1939_sk_match_filter(), j1939_sk_init() and j1939_sk_setsockopt() functions in net/can/j1939/socket.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU93765

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26825

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nci_free_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU87343

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52606

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Out-of-bounds read

EUVDB-ID: #VU86813

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26594

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling SMB2 Mech Tokens. A remote attacker can send specially crafted packets to ksmbd, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU87344

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26625

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Division by zero

EUVDB-ID: #VU91379

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26720

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU91320

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26614

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU90612

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52627

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the BIT() function in drivers/iio/adc/ad7091r5.c, within the BIT() and ad7091r_read_event_config() functions in drivers/iio/adc/ad7091r-base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU89254

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52602

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU94118

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26673

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Race condition

EUVDB-ID: #VU91481

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26685

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper locking

EUVDB-ID: #VU90796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52638

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the j1939_jsk_add(), j1939_sk_recv_match(), j1939_sk_recv(), j1939_sk_errqueue() and j1939_sk_netdev_event_netdown() functions in net/can/j1939/socket.c, within the j1939_netdev_start() function in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper locking

EUVDB-ID: #VU90800

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52498

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dev_pm_skip_resume(), complete_all(), dpm_async_fn(), dpm_noirq_resume_devices(), dpm_resume_noirq(), pm_runtime_enable(), dpm_resume_early(), dpm_resume_start(), device_resume() and dpm_resume() functions in drivers/base/power/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer overflow

EUVDB-ID: #VU93668

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52619

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Race condition

EUVDB-ID: #VU91476

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26910

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the list_set_destroy() and list_set_same_set() functions in net/netfilter/ipset/ip_set_list_set.c, within the ip_set_destroy_set(), ip_set_destroy(), ip_set_swap() and ip_set_fini() functions in net/netfilter/ipset/ip_set_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU90220

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26689

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU90802

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52583

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU90337

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26676

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the unix_gc() function in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Buffer overflow

EUVDB-ID: #VU92977

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26671

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Double free

EUVDB-ID: #VU90929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26704

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU90341

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26608

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the handle_unsupported_event() and handle_generic_event() functions in fs/ksmbd/transport_ipc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Buffer overflow

EUVDB-ID: #VU89679

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26610

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU86812

Risk: Medium

CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26592

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a race condition when handling TCP connect and disconnect events within the ksmbd_tcp_new_connection() function in ksmbd. A remote non-authenticated attacker can trigger a use-after-free error and crash the kernel or execute arbitrary code on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Buffer overflow

EUVDB-ID: #VU88105

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52599

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU90803

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52595

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU90334

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26660

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dcn301_stream_encoder_create() function in drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Resource management error

EUVDB-ID: #VU93474

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52617

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Incorrect calculation

EUVDB-ID: #VU93762

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26645

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the __tracing_map_insert() function in kernel/trace/tracing_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper locking

EUVDB-ID: #VU90801

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52486

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) NULL pointer dereference

EUVDB-ID: #VU91240

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52631

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/ntfs3/ntfs_fs.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU90841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52607

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Resource management error

EUVDB-ID: #VU92973

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52608

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the shmem_poll_done() function in drivers/firmware/arm_scmi/shmem.c, within the rx_callback() function in drivers/firmware/arm_scmi/mailbox.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper locking

EUVDB-ID: #VU90793

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26722

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rt5645_jack_detect_work() function in sound/soc/codecs/rt5645.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) NULL pointer dereference

EUVDB-ID: #VU90627

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26615

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper locking

EUVDB-ID: #VU90798

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52615

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Input validation error

EUVDB-ID: #VU90859

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26636

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper privilege management

EUVDB-ID: #VU93736

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52642

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the lirc_dev_exit() and rc_dev_get_from_fd() functions in drivers/media/rc/lirc_dev.c, within the lirc_prog_attach(), lirc_prog_detach() and lirc_prog_query() functions in drivers/media/rc/bpf-lirc.c. A local user can read and manipulate data.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU91541

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52587

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Buffer overflow

EUVDB-ID: #VU93400

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26712

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the kasan_init_region() function in arch/powerpc/mm/kasan/kasan_init_32.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Input validation error

EUVDB-ID: #VU90858

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26675

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Buffer overflow

EUVDB-ID: #VU91315

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52614

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Resource management error

EUVDB-ID: #VU89247

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26606

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the binder_enqueue_thread_work_ilocked() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper locking

EUVDB-ID: #VU90779

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26916

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the amdgpu_gfx_off_ctrl() function in drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c, within the amdgpu_device_suspend() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU89249

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26600

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper locking

EUVDB-ID: #VU92044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Memory leak

EUVDB-ID: #VU90475

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26829

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the irtoy_tx() function in drivers/media/rc/ir_toy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Access of Uninitialized Pointer

EUVDB-ID: #VU89396

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26641

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper locking

EUVDB-ID: #VU92046

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52623

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper locking

EUVDB-ID: #VU88101

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26627

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to improper locking when calling the scsi_host_busy() function. A local user can perform a denial of service attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper locking

EUVDB-ID: #VU90795

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26696

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_page_mkwrite() function in fs/nilfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Resource management error

EUVDB-ID: #VU89397

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26640

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use of uninitialized resource

EUVDB-ID: #VU90880

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26635

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU90228

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52491

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mtk_jpeg_dec_device_run() function in drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Out-of-bounds read

EUVDB-ID: #VU90335

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26664

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the create_core_data() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Resource exhaustion

EUVDB-ID: #VU87499

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26602

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Out-of-bounds read

EUVDB-ID: #VU90342

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52604

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) NULL pointer dereference

EUVDB-ID: #VU93058

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26717

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i2c_hid_of_probe() function in drivers/hid/i2c-hid/i2c-hid-of.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Memory leak

EUVDB-ID: #VU90470

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52643

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the iio_device_register_sysfs() function in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Out-of-bounds read

EUVDB-ID: #VU89250

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26593

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the i801_block_transaction_by_block() function in drivers/i2c/busses/i2c-i801.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Resource management error

EUVDB-ID: #VU93864

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52598

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Integer overflow

EUVDB-ID: #VU91180

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26668

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Buffer overflow

EUVDB-ID: #VU87748

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52435

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Security features bypass

EUVDB-ID: #VU92172

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52597

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) NULL pointer dereference

EUVDB-ID: #VU90608

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26715

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_gadget_suspend() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Resource management error

EUVDB-ID: #VU93206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26707

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the send_hsr_supervision_frame() and send_prp_supervision_frame() functions in net/hsr/hsr_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper locking

EUVDB-ID: #VU92045

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52635

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU90604

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26695

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/crypto/ccp/sev-dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Race condition

EUVDB-ID: #VU91482

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26698

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the netvsc_device_remove() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Buffer overflow

EUVDB-ID: #VU91209

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52494

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the mhi_del_ring_element() function in drivers/bus/mhi/host/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Buffer overflow

EUVDB-ID: #VU93805

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26920

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Expired pointer dereference

EUVDB-ID: #VU93809

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26808

CWE-ID: CWE-825 - Expired pointer dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper Initialization

EUVDB-ID: #VU91556

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52616

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) NULL pointer dereference

EUVDB-ID: #VU90626

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52492

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Out-of-bounds read

EUVDB-ID: #VU91100

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26702

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rm3100_common_probe() function in drivers/iio/magnetometer/rm3100-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Improper locking

EUVDB-ID: #VU91535

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26644

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Race condition

EUVDB-ID: #VU89388

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52489

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the section_deactivate() function in mm/sparse.c. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Information disclosure

EUVDB-ID: #VU91365

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26697

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the nilfs_prepare_segment_for_recovery(), nilfs_recovery_copy_block() and nilfs_recover_dsync_blocks() functions in fs/nilfs2/recovery.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-aws to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-aws (Ubuntu package): before 5.15.0.1061.67~20.04.1

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1061.61

linux-image-5.15.0-1061-aws (Ubuntu package): before 5.15.0-1061.67~20.04.1

CPE2.3

External links