Ubuntu update for linux-oem-6.8



Risk Medium
Patch available YES
Number of vulnerabilities 220
CVE-ID CVE-2022-38096
CVE-2023-47233
CVE-2023-6270
CVE-2023-7042
CVE-2024-23307
CVE-2024-24861
CVE-2024-25739
CVE-2024-27432
CVE-2024-26859
CVE-2024-26944
CVE-2024-27049
CVE-2024-26868
CVE-2024-26932
CVE-2024-35843
CVE-2024-35814
CVE-2024-26866
CVE-2024-26941
CVE-2024-27080
CVE-2024-26938
CVE-2024-26889
CVE-2024-27075
CVE-2024-27077
CVE-2024-26864
CVE-2024-35787
CVE-2024-27071
CVE-2024-26880
CVE-2024-26961
CVE-2024-26945
CVE-2024-26863
CVE-2024-35795
CVE-2024-27045
CVE-2024-27066
CVE-2024-27046
CVE-2024-26816
CVE-2024-27069
CVE-2024-26861
CVE-2024-26968
CVE-2024-26963
CVE-2024-26878
CVE-2024-27073
CVE-2024-35806
CVE-2024-26951
CVE-2024-26954
CVE-2024-27026
CVE-2024-26956
CVE-2024-35811
CVE-2024-35803
CVE-2024-26964
CVE-2024-26848
CVE-2024-27434
CVE-2024-35844
CVE-2024-26977
CVE-2024-27031
CVE-2024-35813
CVE-2024-26960
CVE-2024-27067
CVE-2024-26937
CVE-2024-26884
CVE-2024-26656
CVE-2024-27068
CVE-2024-26871
CVE-2023-52653
CVE-2024-26939
CVE-2024-26967
CVE-2024-26966
CVE-2024-27043
CVE-2024-26814
CVE-2024-35829
CVE-2024-26973
CVE-2024-35810
CVE-2024-26877
CVE-2024-27392
CVE-2024-35805
CVE-2024-26875
CVE-2024-26970
CVE-2024-26657
CVE-2024-26874
CVE-2024-26971
CVE-2024-26872
CVE-2024-35798
CVE-2024-26931
CVE-2024-26948
CVE-2024-26883
CVE-2024-26955
CVE-2024-27039
CVE-2024-27038
CVE-2024-27065
CVE-2024-26899
CVE-2024-27048
CVE-2024-35874
CVE-2024-35845
CVE-2024-35799
CVE-2024-35827
CVE-2024-26935
CVE-2024-27079
CVE-2024-35821
CVE-2024-26950
CVE-2024-26879
CVE-2024-26940
CVE-2024-35788
CVE-2024-26891
CVE-2024-27063
CVE-2024-27433
CVE-2024-27036
CVE-2024-35819
CVE-2024-26969
CVE-2024-27044
CVE-2024-27028
CVE-2024-27070
CVE-2023-52649
CVE-2024-27435
CVE-2024-35830
CVE-2024-26929
CVE-2024-26653
CVE-2024-26887
CVE-2024-26869
CVE-2024-26942
CVE-2024-35822
CVE-2024-26979
CVE-2024-26881
CVE-2024-26655
CVE-2024-26975
CVE-2023-52650
CVE-2024-26651
CVE-2024-35828
CVE-2024-26965
CVE-2024-27437
CVE-2024-35794
CVE-2024-26962
CVE-2024-27058
CVE-2024-27076
CVE-2024-27035
CVE-2024-27074
CVE-2024-27027
CVE-2024-26860
CVE-2024-27042
CVE-2024-27390
CVE-2024-26815
CVE-2023-52662
CVE-2024-27051
CVE-2024-35796
CVE-2024-27047
CVE-2024-26930
CVE-2024-26865
CVE-2024-27064
CVE-2024-35826
CVE-2024-26885
CVE-2024-26873
CVE-2024-26943
CVE-2024-26893
CVE-2024-27030
CVE-2024-26976
CVE-2024-35793
CVE-2024-26952
CVE-2023-52644
CVE-2024-35797
CVE-2024-27029
CVE-2024-26927
CVE-2024-26812
CVE-2024-26897
CVE-2024-26890
CVE-2024-26972
CVE-2024-35800
CVE-2024-27032
CVE-2024-27052
CVE-2023-52647
CVE-2024-26898
CVE-2023-52652
CVE-2024-35808
CVE-2024-26876
CVE-2024-26933
CVE-2024-26862
CVE-2024-27033
CVE-2023-52663
CVE-2024-27041
CVE-2023-52648
CVE-2024-26888
CVE-2024-26957
CVE-2024-26953
CVE-2023-52659
CVE-2024-27436
CVE-2024-27040
CVE-2024-27054
CVE-2024-27050
CVE-2024-26886
CVE-2023-52661
CVE-2024-35831
CVE-2024-26946
CVE-2024-26949
CVE-2024-26809
CVE-2024-26892
CVE-2024-26654
CVE-2024-26901
CVE-2024-27053
CVE-2024-26882
CVE-2024-35809
CVE-2024-26978
CVE-2024-27037
CVE-2024-27391
CVE-2024-27034
CVE-2024-26895
CVE-2024-35817
CVE-2024-26900
CVE-2024-26896
CVE-2024-26958
CVE-2024-35801
CVE-2024-27388
CVE-2024-26934
CVE-2024-27078
CVE-2024-35789
CVE-2024-26894
CVE-2024-27389
CVE-2024-35807
CVE-2024-27072
CVE-2024-26947
CVE-2024-26870
CVE-2024-26813
CVE-2022-48669
CVE-2024-26959
CVE-2024-26810
CWE-ID CWE-476
CWE-416
CWE-190
CWE-362
CWE-754
CWE-399
CWE-415
CWE-369
CWE-667
CWE-119
CWE-121
CWE-401
CWE-200
CWE-908
CWE-617
CWE-366
CWE-125
CWE-20
CWE-682
CWE-388
CWE-835
CWE-191
CWE-252
CWE-665
CWE-787
CWE-404
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Ubuntu
Operating systems & Components / Operating system

linux-image-oem-24.04a (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-24.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-6.8.0-1006-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 220 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU73764

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-38096

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU82755

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47233

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU91599

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6270

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU85422

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-7042

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU88102

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23307

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Race condition

EUVDB-ID: #VU91634

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24861

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper check for unusual or exceptional conditions

EUVDB-ID: #VU92399

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25739

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper check for unusual or exceptional conditions error within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU93774

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27432

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mtk_ppe_start() and mtk_ppe_stop() functions in drivers/net/ethernet/mediatek/mtk_ppe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU90573

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26859

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU90182

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26944

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_load_block_group_zone_info(), bitmap_free() and do_zone_finish() functions in fs/btrfs/zoned.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU90179

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27049

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mt7925_pci_remove() function in drivers/net/wireless/mediatek/mt76/mt7925/pci.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU90571

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26868

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ff_layout_cancel_io() function in fs/nfs/flexfilelayout/flexfilelayout.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Double free

EUVDB-ID: #VU90926

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26932

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a double free error within the tcpm_port_unregister_pd() function in drivers/usb/typec/tcpm/tcpm.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU90161

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35843

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the prq_event_thread() function in drivers/iommu/intel/svm.c, within the intel_iommu_release_device() function in drivers/iommu/intel/iommu.c, within the alloc_iommu() function in drivers/iommu/intel/dmar.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU91612

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35814

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to double allocation of slots within the swiotlb_area_find_slots() function in kernel/dma/swiotlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU90196

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26866

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Division by zero

EUVDB-ID: #VU91375

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26941

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the drm_dp_bw_overhead() function in drivers/gpu/drm/display/drm_dp_helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU90766

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27080

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the try_release_extent_state(), flush_fiemap_cache(), emit_fiemap_extent(), fiemap_search_slot(), fiemap_process_hole(), extent_fiemap(), i_size_read() and unlock_extent() functions in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Resource management error

EUVDB-ID: #VU92986

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26938

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the intel_bios_encoder_supports_dp_dual_mode() function in drivers/gpu/drm/i915/display/intel_bios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Buffer overflow

EUVDB-ID: #VU91312

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26889

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Stack-based buffer overflow

EUVDB-ID: #VU91298

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27075

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Memory leak

EUVDB-ID: #VU90451

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27077

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Information disclosure

EUVDB-ID: #VU91364

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26864

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sock_prot_inuse_add() function in net/ipv4/inet_hashtables.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU93295

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35787

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __write_sb_page(), filemap_write_page(), md_bitmap_file_set_bit() and md_bitmap_file_clear_bit() functions in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU90526

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27071

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hx8357_probe() function in drivers/video/backlight/hx8357.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Resource management error

EUVDB-ID: #VU92988

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26880

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU90186

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26961

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Division by zero

EUVDB-ID: #VU91376

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26945

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the save_iaa_wq() and remove_iaa_wq() functions in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use of uninitialized resource

EUVDB-ID: #VU90877

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26863

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU90756

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35795

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the amdgpu_debugfs_mqd_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU91310

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27045

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dp_dsc_clock_en_read() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Information disclosure

EUVDB-ID: #VU91354

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27066

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the virtqueue_add_indirect_packed(), virtqueue_add_packed() and detach_buf_packed() functions in drivers/virtio/virtio_ring.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU90519

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27046

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Memory leak

EUVDB-ID: #VU91650

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26816

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Reachable assertion

EUVDB-ID: #VU90908

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27069

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the ovl_verify_area() function in fs/overlayfs/copy_up.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Race condition within a thread

EUVDB-ID: #VU91433

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26861

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the decrypt_packet(), counter_validate() and wg_packet_rx_poll() functions in drivers/net/wireguard/receive.c. A local user can manipulate data.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU91396

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26968

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq9574.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Resource management error

EUVDB-ID: #VU93601

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26963

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dwc3_ti_remove_core() and dwc3_ti_remove() functions in drivers/usb/dwc3/dwc3-am62.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) NULL pointer dereference

EUVDB-ID: #VU90574

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26878

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Memory leak

EUVDB-ID: #VU90455

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27073

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU90755

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35806

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU90187

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26951

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wg_get_device_dump() function in drivers/net/wireguard/netlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU90321

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26954

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Resource management error

EUVDB-ID: #VU93842

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27026

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer overflow

EUVDB-ID: #VU93155

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26956

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU90164

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35811

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU93151

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35803

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYM_FUNC_START(), SYM_FUNC_START_LOCAL() and SYM_DATA_END() functions in arch/x86/boot/compressed/efi_mixed.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU90561

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26964

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_map_temp_buffer() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper locking

EUVDB-ID: #VU91526

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26848

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the afs_dir_iterate_block() function in fs/afs/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Input validation error

EUVDB-ID: #VU93681

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27434

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_get_sec_flags() function in drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Incorrect calculation

EUVDB-ID: #VU93756

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35844

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the reserve_compress_blocks(), f2fs_reserve_compress_blocks() and mnt_drop_write_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Memory leak

EUVDB-ID: #VU91644

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26977

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pci_iounmap() function in lib/pci_iomap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU90764

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27031

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfs_netfs_issue_read() function in fs/nfs/fscache.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Incorrect calculation

EUVDB-ID: #VU93614

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35813

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the __mmc_blk_ioctl_cmd() function in drivers/mmc/core/block.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Race condition

EUVDB-ID: #VU91475

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26960

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Resource management error

EUVDB-ID: #VU93195

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27067

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the evtchn_free_ring(), evtchn_interrupt() and evtchn_unbind_from_user() functions in drivers/xen/evtchn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Reachable assertion

EUVDB-ID: #VU90909

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26937

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the gen11_emit_fini_breadcrumb_rcs() function in drivers/gpu/drm/i915/gt/intel_lrc.c, within the __engine_park() function in drivers/gpu/drm/i915/gt/intel_engine_pm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Buffer overflow

EUVDB-ID: #VU91604

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26884

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Use-after-free

EUVDB-ID: #VU88145

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to crash the kernel.

The vulnerability exists due to a use-after-free error in drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c. A local user can send a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Memory leak

EUVDB-ID: #VU89992

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27068

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lvts_calibration_read() function in drivers/thermal/mediatek/lvts_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) NULL pointer dereference

EUVDB-ID: #VU90569

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26871

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the trace_f2fs_submit_page_write() and __submit_merged_bio() functions in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Memory leak

EUVDB-ID: #VU90459

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52653

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gss_import_v2_context() function in net/sunrpc/auth_gss/gss_krb5_mech.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use-after-free

EUVDB-ID: #VU90181

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26939

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the active_to_vma() and i915_vma_pin_ww() functions in drivers/gpu/drm/i915/i915_vma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Out-of-bounds read

EUVDB-ID: #VU91395

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26967

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/camcc-sc8280xp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Out-of-bounds read

EUVDB-ID: #VU91394

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26966

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU90178

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27043

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper error handling

EUVDB-ID: #VU92058

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26814

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Memory leak

EUVDB-ID: #VU90446

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35829

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lima_heap_alloc() function in drivers/gpu/drm/lima/lima_gem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Information disclosure

EUVDB-ID: #VU91360

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26973

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Buffer overflow

EUVDB-ID: #VU93666

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35810

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vmw_du_cursor_mob_size() and vmw_du_cursor_plane_cleanup_fb() functions in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Resource management error

EUVDB-ID: #VU93200

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26877

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Double free

EUVDB-ID: #VU90925

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27392

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ns_update_nuse() function in drivers/nvme/host/sysfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper locking

EUVDB-ID: #VU91519

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35805

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Use-after-free

EUVDB-ID: #VU90193

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26875

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Out-of-bounds read

EUVDB-ID: #VU91398

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26970

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq6018.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU88146

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26657

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/gpu/drm/scheduler/sched_entity.c. A local user can send an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) NULL pointer dereference

EUVDB-ID: #VU90575

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26874

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_finish_page_flip() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Out-of-bounds read

EUVDB-ID: #VU91399

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26971

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq5018.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use-after-free

EUVDB-ID: #VU90199

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26872

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Race condition

EUVDB-ID: #VU91468

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35798

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the read_extent_buffer_pages() function in fs/btrfs/extent_io.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU90563

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26931

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Input validation error

EUVDB-ID: #VU94134

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dc_state_free() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Buffer overflow

EUVDB-ID: #VU91602

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26883

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper error handling

EUVDB-ID: #VU93652

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26955

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_get_block() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Infinite loop

EUVDB-ID: #VU93067

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27039

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the hisi_clk_register_pll() function in drivers/clk/hisilicon/clk-hi3559a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) NULL pointer dereference

EUVDB-ID: #VU91236

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27038

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Resource management error

EUVDB-ID: #VU94105

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27065

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Improper locking

EUVDB-ID: #VU90780

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26899

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_MUTEX(), bd_link_disk_holder(), kfree() and bd_unlink_disk_holder() functions in block/holder.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) NULL pointer dereference

EUVDB-ID: #VU90524

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27048

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcmf_pmksa_v3_op() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) NULL pointer dereference

EUVDB-ID: #VU90510

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35874

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the aio_complete() function in fs/aio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Input validation error

EUVDB-ID: #VU91609

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35845

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Input validation error

EUVDB-ID: #VU93448

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35799

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dce110_disable_stream() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Integer underflow

EUVDB-ID: #VU91193

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35827

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the io_recvmsg_mshot_prep() function in io_uring/net.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Information disclosure

EUVDB-ID: #VU91358

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26935

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the scsi_host_dev_release() function in drivers/scsi/hosts.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) NULL pointer dereference

EUVDB-ID: #VU90518

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27079

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the intel_pasid_setup_nested() function in drivers/iommu/intel/pasid.c, within the domain_context_clear() and intel_iommu_release_device() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improper locking

EUVDB-ID: #VU92025

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35821

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) NULL pointer dereference

EUVDB-ID: #VU91460

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26950

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the get_peer() function in drivers/net/wireguard/netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) NULL pointer dereference

EUVDB-ID: #VU90572

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/clk/meson/axg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Resource management error

EUVDB-ID: #VU93394

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26940

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vmw_debugfs_resource_managers_init() function in drivers/gpu/drm/vmwgfx/vmwgfx_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Out-of-bounds read

EUVDB-ID: #VU90311

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35788

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dcn35_clk_mgr_helper_populate_bw_params() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Improper locking

EUVDB-ID: #VU91524

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26891

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the devtlb_invalidation_with_pasid() function in drivers/iommu/intel/pasid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Resource management error

EUVDB-ID: #VU93296

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27063

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the netdev_trig_notify() function in drivers/leds/trigger/ledtrig-netdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Double free

EUVDB-ID: #VU90924

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27433

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the clk_mt7622_apmixed_remove() function in drivers/clk/mediatek/clk-mt7622-apmixedsys.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Infinite loop

EUVDB-ID: #VU93066

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27036

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the cifs_partialpagewrite(), cifs_extend_writeback(), cifs_write_back_from_locked_folio(), cifs_writepages_region() and cifs_writepages() functions in fs/smb/client/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Improper locking

EUVDB-ID: #VU91448

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35819

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Out-of-bounds read

EUVDB-ID: #VU91397

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) NULL pointer dereference

EUVDB-ID: #VU90521

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27044

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn10_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) NULL pointer dereference

EUVDB-ID: #VU90555

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Use-after-free

EUVDB-ID: #VU90176

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27070

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the f2fs_filemap_fault() function in fs/f2fs/file.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Input validation error

EUVDB-ID: #VU94129

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52649

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the apply_lut_to_channel_value() function in drivers/gpu/drm/vkms/vkms_composer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper locking

EUVDB-ID: #VU90758

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27435

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvme_alloc_admin_tag_set() and nvme_alloc_io_tag_set() functions in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Resource management error

EUVDB-ID: #VU93591

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35830

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Double free

EUVDB-ID: #VU90894

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26929

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a double free error within the qla2x00_els_dcmd_sp_free() and qla24xx_els_dcmd_iocb() functions in drivers/scsi/qla2xxx/qla_iocb.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Double Free

EUVDB-ID: #VU88149

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26653

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in drivers/usb/misc/usb-ljca.c. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Memory leak

EUVDB-ID: #VU90001

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26887

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btusb_recv_acl_mtk() function in drivers/bluetooth/btusb.c, within the btmtk_process_coredump() function in drivers/bluetooth/btmtk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Improper locking

EUVDB-ID: #VU92036

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26869

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_inplace_write_data() and f2fs_wait_on_block_writeback_range() functions in fs/f2fs/segment.c, within the do_checkpoint() function in fs/f2fs/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) NULL pointer dereference

EUVDB-ID: #VU91237

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26942

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the at8031_parse_dt() and at8031_probe() functions in drivers/net/phy/at803x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Improper locking

EUVDB-ID: #VU93464

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35822

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) NULL pointer dereference

EUVDB-ID: #VU90558

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26979

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vmw_resource_context_res_add(), vmw_cmd_dx_define_query(), vmw_cmd_dx_view_define(), vmw_cmd_dx_so_define(), vmw_cmd_dx_define_shader() and vmw_cmd_dx_define_streamoutput() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) NULL pointer dereference

EUVDB-ID: #VU90578

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26881

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hclge_ptp_get_rx_hwts() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Memory leak

EUVDB-ID: #VU88147

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26655

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the posix_clock_open() function in kernel/time/posix-clock.c. A local user can perform a denial of service attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) NULL pointer dereference

EUVDB-ID: #VU90560

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26975

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rapl_config() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) NULL pointer dereference

EUVDB-ID: #VU90517

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52650

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Unchecked Return Value

EUVDB-ID: #VU87902

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26651

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Memory leak

EUVDB-ID: #VU90447

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35828

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Out-of-bounds read

EUVDB-ID: #VU91393

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26965

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Resource management error

EUVDB-ID: #VU93202

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27437

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Improper locking

EUVDB-ID: #VU90760

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35794

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the md_clean() and __md_stop_writes() functions in drivers/md/md.c, within the raid_message(), raid_postsuspend(), raid_preresume() and raid_resume() functions in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Improper locking

EUVDB-ID: #VU90775

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26962

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the make_stripe_request(), raid5_make_request(), raid5_start() and raid5_init() functions in drivers/md/raid5.c, within the is_suspended() and md_account_bio() functions in drivers/md/md.c, within the raid_map(), raid_message(), raid_presuspend() and raid_resume() functions in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Race condition

EUVDB-ID: #VU91472

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27058

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the shmem_free_file_info(), shmem_get_next_id(), shmem_acquire_dquot(), shmem_is_empty_dquot() and shmem_release_dquot() functions in mm/shmem_quota.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Memory leak

EUVDB-ID: #VU89991

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ipu_csc_scaler_release() function in drivers/staging/media/imx/imx-media-csc-scaler.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Resource management error

EUVDB-ID: #VU93857

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27035

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Memory leak

EUVDB-ID: #VU90453

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Incorrect calculation

EUVDB-ID: #VU93758

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27027

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dpll_xa_ref_pin_del() and dpll_xa_ref_dpll_del() functions in drivers/dpll/dpll_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Memory leak

EUVDB-ID: #VU89999

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26860

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dm_integrity_rw_tag() function in drivers/md/dm-integrity.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Out-of-bounds read

EUVDB-ID: #VU90315

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27042

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the amdgpu_discovery_reg_base_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Resource management error

EUVDB-ID: #VU94104

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27390

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way the synchronize_net() function is called within the ipv6_mc_down() function in net/ipv6/mcast.c, which can lead to long synchronization up to 5 minutes. A remote attacker can perform a denial of service (DoS) attack by initiating multiple connections.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Out-of-bounds read

EUVDB-ID: #VU90326

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26815

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the NLA_POLICY_MAX() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Memory leak

EUVDB-ID: #VU90444

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52662

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) NULL pointer dereference

EUVDB-ID: #VU91501

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27051

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcm_avs_is_firmware_loaded() function in drivers/cpufreq/brcmstb-avs-cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) NULL pointer dereference

EUVDB-ID: #VU90553

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35796

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the temac_probe() function in drivers/net/ethernet/xilinx/ll_temac_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) NULL pointer dereference

EUVDB-ID: #VU90520

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27047

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the phy_get_internal_delay() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Double free

EUVDB-ID: #VU90895

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26930

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a double free error within the kfree() function in drivers/scsi/qla2xxx/qla_os.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Use-after-free

EUVDB-ID: #VU90195

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26865

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_twsk_purge() function in net/ipv4/tcp_minisocks.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Memory leak

EUVDB-ID: #VU89993

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27064

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nf_tables_updchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Incorrect calculation

EUVDB-ID: #VU93757

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35826

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the __bio_release_pages() function in block/bio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Buffer overflow

EUVDB-ID: #VU89840

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26885

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the dev_map_init_map() function in kernel/bpf/devmap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Improper locking

EUVDB-ID: #VU90781

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26873

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hisi_sas_internal_abort_timeout() function in drivers/scsi/hisi_sas/hisi_sas_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) NULL pointer dereference

EUVDB-ID: #VU90527

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26943

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nouveau_dmem_evict_chunk() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) NULL pointer dereference

EUVDB-ID: #VU90577

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26893

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smc_chan_free() function in drivers/firmware/arm_scmi/smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Race condition

EUVDB-ID: #VU91473

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27030

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Improper locking

EUVDB-ID: #VU90774

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26976

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Improper locking

EUVDB-ID: #VU90761

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35793

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __debugfs_file_removed() function in fs/debugfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Out-of-bounds read

EUVDB-ID: #VU90317

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26952

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the smb2_tree_connect(), smb2_open(), smb2_query_dir(), smb2_get_ea(), smb2_set_info_file(), smb2_set_info(), fsctl_pipe_transceive() and smb2_ioctl() functions in fs/smb/server/smb2pdu.c, within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Infinite loop

EUVDB-ID: #VU93068

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52644

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Out-of-bounds read

EUVDB-ID: #VU90310

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35797

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the filemap_cachestat() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Out-of-bounds read

EUVDB-ID: #VU90316

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27029

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mmhub_v3_3_print_l2_protection_fault_status() function in drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Integer underflow

EUVDB-ID: #VU91671

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26927

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the sof_ipc3_fw_parse_ext_man() function in sound/soc/sof/ipc3-loader.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Improper locking

EUVDB-ID: #VU91529

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26812

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) NULL pointer dereference

EUVDB-ID: #VU90580

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26897

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Out-of-bounds read

EUVDB-ID: #VU90323

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26890

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sizeof() function in drivers/bluetooth/hci_h5.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Memory leak

EUVDB-ID: #VU90465

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26972

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mutex_unlock() function in fs/ubifs/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) NULL pointer dereference

EUVDB-ID: #VU93056

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35800

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the generic_ops_supported() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Infinite loop

EUVDB-ID: #VU93065

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27032

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the f2fs_reserve_new_block_retry() function in fs/f2fs/recovery.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Use-after-free

EUVDB-ID: #VU90180

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27052

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) NULL pointer dereference

EUVDB-ID: #VU91459

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52647

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mxc_isi_crossbar_xlate_streams() function in drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Use-after-free

EUVDB-ID: #VU90197

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26898

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Information disclosure

EUVDB-ID: #VU91353

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52652

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c, within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Improper locking

EUVDB-ID: #VU90754

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35808

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the raid_message() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Improper Initialization

EUVDB-ID: #VU91552

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26876

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the adv7511_probe() function in drivers/gpu/drm/bridge/adv7511/adv7511_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Improper locking

EUVDB-ID: #VU90777

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26933

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the disable_show() and disable_store() functions in drivers/usb/core/port.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Race condition within a thread

EUVDB-ID: #VU91434

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26862

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Input validation error

EUVDB-ID: #VU93684

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27033

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Memory leak

EUVDB-ID: #VU89987

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52663

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the amd_sof_acp_probe() function in sound/soc/sof/amd/acp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) NULL pointer dereference

EUVDB-ID: #VU92069

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27041

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Resource management error

EUVDB-ID: #VU92985

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52648

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vmw_du_cursor_plane_prepare_fb() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Memory leak

EUVDB-ID: #VU90000

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26888

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the msft_add_address_filter_sync() function in net/bluetooth/msft.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Use-after-free

EUVDB-ID: #VU91062

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26957

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Information disclosure

EUVDB-ID: #VU91359

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26953

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp6_output_tail() functions in net/ipv6/esp6.c, within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp_output_tail() functions in net/ipv4/esp4.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Input validation error

EUVDB-ID: #VU93682

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52659

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the arch/x86/include/asm/page.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Out-of-bounds write

EUVDB-ID: #VU93594

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27436

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) NULL pointer dereference

EUVDB-ID: #VU90522

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27040

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the edp_set_replay_allow_active() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Incorrect calculation

EUVDB-ID: #VU93759

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27054

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Out-of-bounds read

EUVDB-ID: #VU91094

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27050

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bpf_xdp_query() function in tools/lib/bpf/netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Use-after-free

EUVDB-ID: #VU90200

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26886

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bt_sock_recvmsg() and bt_sock_ioctl() functions in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Improper error handling

EUVDB-ID: #VU90948

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52661

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the tegra_dc_rgb_probe() function in drivers/gpu/drm/tegra/rgb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Input validation error

EUVDB-ID: #VU94128

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35831

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __io_uaddr_map() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Input validation error

EUVDB-ID: #VU93686

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26946

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the can_probe() function in arch/x86/kernel/kprobes/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) NULL pointer dereference

EUVDB-ID: #VU90562

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26949

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the smu_v13_0_7_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c, within the smu_v13_0_0_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c, within the sienna_cichlid_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c, within the navi10_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c, within the arcturus_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) Improper resource shutdown or release

EUVDB-ID: #VU93747

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26809

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Use-after-free

EUVDB-ID: #VU90201

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26892

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mt792x_irq_handler() function in drivers/net/wireless/mediatek/mt76/mt792x_dma.c, within the mt7921_pci_remove() function in drivers/net/wireless/mediatek/mt76/mt7921/pci.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Race condition

EUVDB-ID: #VU88148

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26654

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in sound/sh/aica.c. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Information disclosure

EUVDB-ID: #VU91363

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26901

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) Improper locking

EUVDB-ID: #VU92029

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27053

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wilc_parse_join_bss_param() function in drivers/staging/wilc1000/wilc_hif.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) Use of uninitialized resource

EUVDB-ID: #VU90878

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26882

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to use of uninitialized resource within the ip_tunnel_rcv() function in net/ipv4/ip_tunnel.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Improper error handling

EUVDB-ID: #VU90947

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35809

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) NULL pointer dereference

EUVDB-ID: #VU90559

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26978

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the max310x_i2c_slave_addr() function in drivers/tty/serial/max310x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) NULL pointer dereference

EUVDB-ID: #VU90523

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27037

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the SLCR_SWDT_CLK_SEL() and zynq_clk_setup() functions in drivers/clk/zynq/clkc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) Memory leak

EUVDB-ID: #VU91643

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27391

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the wilc_netdev_ifc_init() function in drivers/net/wireless/microchip/wilc1000/netdev.c, within the wilc_cfg80211_init() function in drivers/net/wireless/microchip/wilc1000/cfg80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) Improper locking

EUVDB-ID: #VU93785

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27034

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_write_single_data_page() function in fs/f2fs/data.c, within the f2fs_compress_write_end_io(), f2fs_write_raw_pages() and unlock_page() functions in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) Use-after-free

EUVDB-ID: #VU90202

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26895

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_netdev_cleanup() function in drivers/net/wireless/microchip/wilc1000/netdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) Resource management error

EUVDB-ID: #VU93595

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35817

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amdgpu_ttm_gart_bind() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) Memory leak

EUVDB-ID: #VU90468

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26900

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Memory leak

EUVDB-ID: #VU89998

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26896

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the wfx_set_mfp_ap() function in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) Use-after-free

EUVDB-ID: #VU90183

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Input validation error

EUVDB-ID: #VU93680

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35801

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fpu__init_cpu_xstate() function in arch/x86/kernel/fpu/xstate.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) Memory leak

EUVDB-ID: #VU90449

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27388

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) Improper locking

EUVDB-ID: #VU90776

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26934

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) Memory leak

EUVDB-ID: #VU90450

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) Use-after-free

EUVDB-ID: #VU90167

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Memory leak

EUVDB-ID: #VU90002

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26894

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the acpi_processor_power_exit() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) Resource management error

EUVDB-ID: #VU91608

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27389

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the pstore_put_backend_records() function in fs/pstore/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Resource management error

EUVDB-ID: #VU93270

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35807

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) Improper locking

EUVDB-ID: #VU90765

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27072

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the usbtv_video_free() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) Use-after-free

EUVDB-ID: #VU92213

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26947

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __sync_icache_dcache() function in arch/arm/mm/flush.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) Buffer overflow

EUVDB-ID: #VU92006

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26870

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nfs4_listxattr() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) NULL pointer dereference

EUVDB-ID: #VU90588

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26813

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) Memory leak

EUVDB-ID: #VU90457

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48669

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the arch/powerpc/platforms/pseries/papr_platform_attributes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) Input validation error

EUVDB-ID: #VU94133

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26959

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the btnxpuart_close() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

220) Improper locking

EUVDB-ID: #VU91318

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26810

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1006.6+1

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1006.6+1

linux-image-6.8.0-1006-oem (Ubuntu package): before 6.8.0-1006.6

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6817-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###