Ubuntu update for linux-azure
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 220 |
| CVE-ID | CVE-2022-38096 CVE-2023-47233 CVE-2023-6270 CVE-2023-7042 CVE-2024-23307 CVE-2024-24861 CVE-2024-25739 CVE-2024-27432 CVE-2024-26859 CVE-2024-26944 CVE-2024-27049 CVE-2024-26868 CVE-2024-26932 CVE-2024-35843 CVE-2024-35814 CVE-2024-26866 CVE-2024-26941 CVE-2024-27080 CVE-2024-26938 CVE-2024-26889 CVE-2024-27075 CVE-2024-27077 CVE-2024-26864 CVE-2024-35787 CVE-2024-27071 CVE-2024-26880 CVE-2024-26961 CVE-2024-26945 CVE-2024-26863 CVE-2024-35795 CVE-2024-27045 CVE-2024-27066 CVE-2024-27046 CVE-2024-26816 CVE-2024-27069 CVE-2024-26861 CVE-2024-26968 CVE-2024-26963 CVE-2024-26878 CVE-2024-27073 CVE-2024-35806 CVE-2024-26951 CVE-2024-26954 CVE-2024-27026 CVE-2024-26956 CVE-2024-35811 CVE-2024-35803 CVE-2024-26964 CVE-2024-26848 CVE-2024-27434 CVE-2024-35844 CVE-2024-26977 CVE-2024-27031 CVE-2024-35813 CVE-2024-26960 CVE-2024-27067 CVE-2024-26937 CVE-2024-26884 CVE-2024-26656 CVE-2024-27068 CVE-2024-26871 CVE-2023-52653 CVE-2024-26939 CVE-2024-26967 CVE-2024-26966 CVE-2024-27043 CVE-2024-26814 CVE-2024-35829 CVE-2024-26973 CVE-2024-35810 CVE-2024-26877 CVE-2024-27392 CVE-2024-35805 CVE-2024-26875 CVE-2024-26970 CVE-2024-26657 CVE-2024-26874 CVE-2024-26971 CVE-2024-26872 CVE-2024-35798 CVE-2024-26931 CVE-2024-26948 CVE-2024-26883 CVE-2024-26955 CVE-2024-27039 CVE-2024-27038 CVE-2024-27065 CVE-2024-26899 CVE-2024-27048 CVE-2024-35874 CVE-2024-35845 CVE-2024-35799 CVE-2024-35827 CVE-2024-26935 CVE-2024-27079 CVE-2024-35821 CVE-2024-26950 CVE-2024-26879 CVE-2024-26940 CVE-2024-35788 CVE-2024-26891 CVE-2024-27063 CVE-2024-27433 CVE-2024-27036 CVE-2024-35819 CVE-2024-26969 CVE-2024-27044 CVE-2024-27028 CVE-2024-27070 CVE-2023-52649 CVE-2024-27435 CVE-2024-35830 CVE-2024-26929 CVE-2024-26653 CVE-2024-26887 CVE-2024-26869 CVE-2024-26942 CVE-2024-35822 CVE-2024-26979 CVE-2024-26881 CVE-2024-26655 CVE-2024-26975 CVE-2023-52650 CVE-2024-26651 CVE-2024-35828 CVE-2024-26965 CVE-2024-27437 CVE-2024-35794 CVE-2024-26962 CVE-2024-27058 CVE-2024-27076 CVE-2024-27035 CVE-2024-27074 CVE-2024-27027 CVE-2024-26860 CVE-2024-27042 CVE-2024-27390 CVE-2024-26815 CVE-2023-52662 CVE-2024-27051 CVE-2024-35796 CVE-2024-27047 CVE-2024-26930 CVE-2024-26865 CVE-2024-27064 CVE-2024-35826 CVE-2024-26885 CVE-2024-26873 CVE-2024-26943 CVE-2024-26893 CVE-2024-27030 CVE-2024-26976 CVE-2024-35793 CVE-2024-26952 CVE-2023-52644 CVE-2024-35797 CVE-2024-27029 CVE-2024-26927 CVE-2024-26812 CVE-2024-26897 CVE-2024-26890 CVE-2024-26972 CVE-2024-35800 CVE-2024-27032 CVE-2024-27052 CVE-2023-52647 CVE-2024-26898 CVE-2023-52652 CVE-2024-35808 CVE-2024-26876 CVE-2024-26933 CVE-2024-26862 CVE-2024-27033 CVE-2023-52663 CVE-2024-27041 CVE-2023-52648 CVE-2024-26888 CVE-2024-26957 CVE-2024-26953 CVE-2023-52659 CVE-2024-27436 CVE-2024-27040 CVE-2024-27054 CVE-2024-27050 CVE-2024-26886 CVE-2023-52661 CVE-2024-35831 CVE-2024-26946 CVE-2024-26949 CVE-2024-26809 CVE-2024-26892 CVE-2024-26654 CVE-2024-26901 CVE-2024-27053 CVE-2024-26882 CVE-2024-35809 CVE-2024-26978 CVE-2024-27037 CVE-2024-27391 CVE-2024-27034 CVE-2024-26895 CVE-2024-35817 CVE-2024-26900 CVE-2024-26896 CVE-2024-26958 CVE-2024-35801 CVE-2024-27388 CVE-2024-26934 CVE-2024-27078 CVE-2024-35789 CVE-2024-26894 CVE-2024-27389 CVE-2024-35807 CVE-2024-27072 CVE-2024-26947 CVE-2024-26870 CVE-2024-26813 CVE-2022-48669 CVE-2024-26959 CVE-2024-26810 |
| CWE-ID | CWE-476 CWE-416 CWE-190 CWE-362 CWE-754 CWE-399 CWE-415 CWE-369 CWE-667 CWE-119 CWE-121 CWE-401 CWE-200 CWE-908 CWE-617 CWE-366 CWE-125 CWE-20 CWE-682 CWE-388 CWE-835 CWE-191 CWE-252 CWE-665 CWE-787 CWE-404 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-fde (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1008-azure-fde (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1008-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1004-gke (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 220 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU73764
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38096
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU82755
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-47233
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU85422
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7042
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU88102
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23307
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Race condition
EUVDB-ID: #VU91634
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24861
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper check for unusual or exceptional conditions
EUVDB-ID: #VU92399
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25739
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper check for unusual or exceptional conditions error within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU93774
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27432
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mtk_ppe_start() and mtk_ppe_stop() functions in drivers/net/ethernet/mediatek/mtk_ppe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU90573
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26859
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU90182
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26944
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_load_block_group_zone_info(), bitmap_free() and do_zone_finish() functions in fs/btrfs/zoned.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90179
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27049
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mt7925_pci_remove() function in drivers/net/wireless/mediatek/mt76/mt7925/pci.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU90571
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26868
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ff_layout_cancel_io() function in fs/nfs/flexfilelayout/flexfilelayout.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Double free
EUVDB-ID: #VU90926
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26932
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the tcpm_port_unregister_pd() function in drivers/usb/typec/tcpm/tcpm.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU90161
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35843
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the prq_event_thread() function in drivers/iommu/intel/svm.c, within the intel_iommu_release_device() function in drivers/iommu/intel/iommu.c, within the alloc_iommu() function in drivers/iommu/intel/dmar.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource management error
EUVDB-ID: #VU91612
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35814
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to double allocation of slots within the swiotlb_area_find_slots() function in kernel/dma/swiotlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU90196
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26866
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Division by zero
EUVDB-ID: #VU91375
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26941
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the drm_dp_bw_overhead() function in drivers/gpu/drm/display/drm_dp_helper.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper locking
EUVDB-ID: #VU90766
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27080
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the try_release_extent_state(), flush_fiemap_cache(), emit_fiemap_extent(), fiemap_search_slot(), fiemap_process_hole(), extent_fiemap(), i_size_read() and unlock_extent() functions in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Resource management error
EUVDB-ID: #VU92986
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26938
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the intel_bios_encoder_supports_dp_dual_mode() function in drivers/gpu/drm/i915/display/intel_bios.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Buffer overflow
EUVDB-ID: #VU91312
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26889
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Stack-based buffer overflow
EUVDB-ID: #VU91298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27075
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory leak
EUVDB-ID: #VU90451
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27077
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Information disclosure
EUVDB-ID: #VU91364
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26864
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sock_prot_inuse_add() function in net/ipv4/inet_hashtables.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Resource management error
EUVDB-ID: #VU93295
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35787
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __write_sb_page(), filemap_write_page(), md_bitmap_file_set_bit() and md_bitmap_file_clear_bit() functions in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU90526
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27071
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hx8357_probe() function in drivers/video/backlight/hx8357.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Resource management error
EUVDB-ID: #VU92988
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU90186
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26961
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Division by zero
EUVDB-ID: #VU91376
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26945
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the save_iaa_wq() and remove_iaa_wq() functions in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use of uninitialized resource
EUVDB-ID: #VU90877
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26863
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU90756
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35795
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_debugfs_mqd_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Buffer overflow
EUVDB-ID: #VU91310
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27045
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dp_dsc_clock_en_read() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Information disclosure
EUVDB-ID: #VU91354
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27066
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the virtqueue_add_indirect_packed(), virtqueue_add_packed() and detach_buf_packed() functions in drivers/virtio/virtio_ring.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU90519
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27046
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory leak
EUVDB-ID: #VU91650
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26816
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Reachable assertion
EUVDB-ID: #VU90908
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27069
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_verify_area() function in fs/overlayfs/copy_up.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Race condition within a thread
EUVDB-ID: #VU91433
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26861
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the decrypt_packet(), counter_validate() and wg_packet_rx_poll() functions in drivers/net/wireguard/receive.c. A local user can manipulate data.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Out-of-bounds read
EUVDB-ID: #VU91396
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26968
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq9574.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Resource management error
EUVDB-ID: #VU93601
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26963
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dwc3_ti_remove_core() and dwc3_ti_remove() functions in drivers/usb/dwc3/dwc3-am62.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) NULL pointer dereference
EUVDB-ID: #VU90574
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Memory leak
EUVDB-ID: #VU90455
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27073
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper locking
EUVDB-ID: #VU90755
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35806
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use-after-free
EUVDB-ID: #VU90187
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26951
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wg_get_device_dump() function in drivers/net/wireguard/netlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU90321
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26954
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Resource management error
EUVDB-ID: #VU93842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27026
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Buffer overflow
EUVDB-ID: #VU93155
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26956
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Use-after-free
EUVDB-ID: #VU90164
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35811
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Buffer overflow
EUVDB-ID: #VU93151
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35803
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYM_FUNC_START(), SYM_FUNC_START_LOCAL() and SYM_DATA_END() functions in arch/x86/boot/compressed/efi_mixed.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) NULL pointer dereference
EUVDB-ID: #VU90561
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26964
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_map_temp_buffer() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU91526
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26848
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the afs_dir_iterate_block() function in fs/afs/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Input validation error
EUVDB-ID: #VU93681
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27434
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iwl_mvm_get_sec_flags() function in drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Incorrect calculation
EUVDB-ID: #VU93756
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35844
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the reserve_compress_blocks(), f2fs_reserve_compress_blocks() and mnt_drop_write_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Memory leak
EUVDB-ID: #VU91644
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26977
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_iounmap() function in lib/pci_iomap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper locking
EUVDB-ID: #VU90764
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27031
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_netfs_issue_read() function in fs/nfs/fscache.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Incorrect calculation
EUVDB-ID: #VU93614
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35813
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __mmc_blk_ioctl_cmd() function in drivers/mmc/core/block.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Race condition
EUVDB-ID: #VU91475
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26960
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Resource management error
EUVDB-ID: #VU93195
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27067
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the evtchn_free_ring(), evtchn_interrupt() and evtchn_unbind_from_user() functions in drivers/xen/evtchn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Reachable assertion
EUVDB-ID: #VU90909
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26937
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the gen11_emit_fini_breadcrumb_rcs() function in drivers/gpu/drm/i915/gt/intel_lrc.c, within the __engine_park() function in drivers/gpu/drm/i915/gt/intel_engine_pm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Buffer overflow
EUVDB-ID: #VU91604
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Use-after-free
EUVDB-ID: #VU88145
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26656
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a use-after-free error in drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c. A local user can send a single amdgpu_gem_userptr_ioctl
to the AMDGPU DRM driver on any ASICs with an invalid address and size and perform a denial of service (DoS) attack.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Memory leak
EUVDB-ID: #VU89992
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27068
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lvts_calibration_read() function in drivers/thermal/mediatek/lvts_thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) NULL pointer dereference
EUVDB-ID: #VU90569
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26871
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_f2fs_submit_page_write() and __submit_merged_bio() functions in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Memory leak
EUVDB-ID: #VU90459
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52653
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gss_import_v2_context() function in net/sunrpc/auth_gss/gss_krb5_mech.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use-after-free
EUVDB-ID: #VU90181
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26939
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the active_to_vma() and i915_vma_pin_ww() functions in drivers/gpu/drm/i915/i915_vma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Out-of-bounds read
EUVDB-ID: #VU91395
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26967
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/camcc-sc8280xp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Out-of-bounds read
EUVDB-ID: #VU91394
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26966
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Use-after-free
EUVDB-ID: #VU90178
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper error handling
EUVDB-ID: #VU92058
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26814
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Memory leak
EUVDB-ID: #VU90446
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35829
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lima_heap_alloc() function in drivers/gpu/drm/lima/lima_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Information disclosure
EUVDB-ID: #VU91360
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26973
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Buffer overflow
EUVDB-ID: #VU93666
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35810
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vmw_du_cursor_mob_size() and vmw_du_cursor_plane_cleanup_fb() functions in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Resource management error
EUVDB-ID: #VU93200
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26877
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Double free
EUVDB-ID: #VU90925
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27392
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ns_update_nuse() function in drivers/nvme/host/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Improper locking
EUVDB-ID: #VU91519
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35805
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Use-after-free
EUVDB-ID: #VU90193
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26875
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Out-of-bounds read
EUVDB-ID: #VU91398
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26970
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq6018.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU88146
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26657
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/gpu/drm/scheduler/sched_entity.c. A local user can send an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) NULL pointer dereference
EUVDB-ID: #VU90575
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26874
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_finish_page_flip() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Out-of-bounds read
EUVDB-ID: #VU91399
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26971
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq5018.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Use-after-free
EUVDB-ID: #VU90199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Race condition
EUVDB-ID: #VU91468
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35798
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the read_extent_buffer_pages() function in fs/btrfs/extent_io.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) NULL pointer dereference
EUVDB-ID: #VU90563
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26931
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Input validation error
EUVDB-ID: #VU94134
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_state_free() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Buffer overflow
EUVDB-ID: #VU91602
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26883
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Improper error handling
EUVDB-ID: #VU93652
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26955
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_get_block() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Infinite loop
EUVDB-ID: #VU93067
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27039
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the hisi_clk_register_pll() function in drivers/clk/hisilicon/clk-hi3559a.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) NULL pointer dereference
EUVDB-ID: #VU91236
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27038
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Resource management error
EUVDB-ID: #VU94105
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27065
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Improper locking
EUVDB-ID: #VU90780
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26899
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DEFINE_MUTEX(), bd_link_disk_holder(), kfree() and bd_unlink_disk_holder() functions in block/holder.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) NULL pointer dereference
EUVDB-ID: #VU90524
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27048
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_pmksa_v3_op() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) NULL pointer dereference
EUVDB-ID: #VU90510
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35874
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aio_complete() function in fs/aio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Input validation error
EUVDB-ID: #VU91609
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35845
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Input validation error
EUVDB-ID: #VU93448
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35799
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dce110_disable_stream() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Integer underflow
EUVDB-ID: #VU91193
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35827
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the io_recvmsg_mshot_prep() function in io_uring/net.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Information disclosure
EUVDB-ID: #VU91358
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26935
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the scsi_host_dev_release() function in drivers/scsi/hosts.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) NULL pointer dereference
EUVDB-ID: #VU90518
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27079
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_pasid_setup_nested() function in drivers/iommu/intel/pasid.c, within the domain_context_clear() and intel_iommu_release_device() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Improper locking
EUVDB-ID: #VU92025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35821
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) NULL pointer dereference
EUVDB-ID: #VU91460
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26950
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_peer() function in drivers/net/wireguard/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) NULL pointer dereference
EUVDB-ID: #VU90572
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/clk/meson/axg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Resource management error
EUVDB-ID: #VU93394
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26940
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmw_debugfs_resource_managers_init() function in drivers/gpu/drm/vmwgfx/vmwgfx_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Out-of-bounds read
EUVDB-ID: #VU90311
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35788
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dcn35_clk_mgr_helper_populate_bw_params() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Improper locking
EUVDB-ID: #VU91524
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26891
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devtlb_invalidation_with_pasid() function in drivers/iommu/intel/pasid.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Resource management error
EUVDB-ID: #VU93296
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27063
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netdev_trig_notify() function in drivers/leds/trigger/ledtrig-netdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Double free
EUVDB-ID: #VU90924
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27433
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the clk_mt7622_apmixed_remove() function in drivers/clk/mediatek/clk-mt7622-apmixedsys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Infinite loop
EUVDB-ID: #VU93066
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27036
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the cifs_partialpagewrite(), cifs_extend_writeback(), cifs_write_back_from_locked_folio(), cifs_writepages_region() and cifs_writepages() functions in fs/smb/client/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Improper locking
EUVDB-ID: #VU91448
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35819
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Out-of-bounds read
EUVDB-ID: #VU91397
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) NULL pointer dereference
EUVDB-ID: #VU90521
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27044
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn10_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) NULL pointer dereference
EUVDB-ID: #VU90555
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27028
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Use-after-free
EUVDB-ID: #VU90176
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27070
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_filemap_fault() function in fs/f2fs/file.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Input validation error
EUVDB-ID: #VU94129
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52649
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the apply_lut_to_channel_value() function in drivers/gpu/drm/vkms/vkms_composer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Improper locking
EUVDB-ID: #VU90758
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27435
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_alloc_admin_tag_set() and nvme_alloc_io_tag_set() functions in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Resource management error
EUVDB-ID: #VU93591
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35830
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Double free
EUVDB-ID: #VU90894
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26929
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the qla2x00_els_dcmd_sp_free() and qla24xx_els_dcmd_iocb() functions in drivers/scsi/qla2xxx/qla_iocb.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Double Free
EUVDB-ID: #VU88149
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26653
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in drivers/usb/misc/usb-ljca.c. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Memory leak
EUVDB-ID: #VU90001
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26887
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btusb_recv_acl_mtk() function in drivers/bluetooth/btusb.c, within the btmtk_process_coredump() function in drivers/bluetooth/btmtk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Improper locking
EUVDB-ID: #VU92036
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26869
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_inplace_write_data() and f2fs_wait_on_block_writeback_range() functions in fs/f2fs/segment.c, within the do_checkpoint() function in fs/f2fs/checkpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU91237
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26942
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the at8031_parse_dt() and at8031_probe() functions in drivers/net/phy/at803x.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Improper locking
EUVDB-ID: #VU93464
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35822
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) NULL pointer dereference
EUVDB-ID: #VU90558
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26979
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vmw_resource_context_res_add(), vmw_cmd_dx_define_query(), vmw_cmd_dx_view_define(), vmw_cmd_dx_so_define(), vmw_cmd_dx_define_shader() and vmw_cmd_dx_define_streamoutput() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) NULL pointer dereference
EUVDB-ID: #VU90578
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26881
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hclge_ptp_get_rx_hwts() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Memory leak
EUVDB-ID: #VU88147
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26655
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the posix_clock_open() function in kernel/time/posix-clock.c. A local user can perform a denial of service attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) NULL pointer dereference
EUVDB-ID: #VU90560
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26975
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rapl_config() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) NULL pointer dereference
EUVDB-ID: #VU90517
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52650
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Unchecked Return Value
EUVDB-ID: #VU87902
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26651
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Memory leak
EUVDB-ID: #VU90447
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35828
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Out-of-bounds read
EUVDB-ID: #VU91393
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26965
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Resource management error
EUVDB-ID: #VU93202
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27437
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Improper locking
EUVDB-ID: #VU90760
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35794
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the md_clean() and __md_stop_writes() functions in drivers/md/md.c, within the raid_message(), raid_postsuspend(), raid_preresume() and raid_resume() functions in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Improper locking
EUVDB-ID: #VU90775
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26962
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_stripe_request(), raid5_make_request(), raid5_start() and raid5_init() functions in drivers/md/raid5.c, within the is_suspended() and md_account_bio() functions in drivers/md/md.c, within the raid_map(), raid_message(), raid_presuspend() and raid_resume() functions in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Race condition
EUVDB-ID: #VU91472
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27058
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the shmem_free_file_info(), shmem_get_next_id(), shmem_acquire_dquot(), shmem_is_empty_dquot() and shmem_release_dquot() functions in mm/shmem_quota.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Memory leak
EUVDB-ID: #VU89991
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ipu_csc_scaler_release() function in drivers/staging/media/imx/imx-media-csc-scaler.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Resource management error
EUVDB-ID: #VU93857
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27035
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Memory leak
EUVDB-ID: #VU90453
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Incorrect calculation
EUVDB-ID: #VU93758
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27027
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dpll_xa_ref_pin_del() and dpll_xa_ref_dpll_del() functions in drivers/dpll/dpll_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Memory leak
EUVDB-ID: #VU89999
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26860
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dm_integrity_rw_tag() function in drivers/md/dm-integrity.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Out-of-bounds read
EUVDB-ID: #VU90315
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27042
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_discovery_reg_base_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Resource management error
EUVDB-ID: #VU94104
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27390
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way the synchronize_net() function is called within the ipv6_mc_down() function in net/ipv6/mcast.c, which can lead to long synchronization up to 5 minutes. A remote attacker can perform a denial of service (DoS) attack by initiating multiple connections.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Out-of-bounds read
EUVDB-ID: #VU90326
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26815
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the NLA_POLICY_MAX() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Memory leak
EUVDB-ID: #VU90444
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52662
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) NULL pointer dereference
EUVDB-ID: #VU91501
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27051
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcm_avs_is_firmware_loaded() function in drivers/cpufreq/brcmstb-avs-cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) NULL pointer dereference
EUVDB-ID: #VU90553
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35796
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the temac_probe() function in drivers/net/ethernet/xilinx/ll_temac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) NULL pointer dereference
EUVDB-ID: #VU90520
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27047
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_get_internal_delay() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Double free
EUVDB-ID: #VU90895
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26930
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the kfree() function in drivers/scsi/qla2xxx/qla_os.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Use-after-free
EUVDB-ID: #VU90195
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26865
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_purge() function in net/ipv4/tcp_minisocks.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Memory leak
EUVDB-ID: #VU89993
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27064
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nf_tables_updchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Incorrect calculation
EUVDB-ID: #VU93757
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35826
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __bio_release_pages() function in block/bio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Buffer overflow
EUVDB-ID: #VU89840
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26885
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the dev_map_init_map() function in kernel/bpf/devmap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Improper locking
EUVDB-ID: #VU90781
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26873
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hisi_sas_internal_abort_timeout() function in drivers/scsi/hisi_sas/hisi_sas_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) NULL pointer dereference
EUVDB-ID: #VU90527
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26943
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nouveau_dmem_evict_chunk() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) NULL pointer dereference
EUVDB-ID: #VU90577
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26893
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_chan_free() function in drivers/firmware/arm_scmi/smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Race condition
EUVDB-ID: #VU91473
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27030
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Improper locking
EUVDB-ID: #VU90774
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Improper locking
EUVDB-ID: #VU90761
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35793
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __debugfs_file_removed() function in fs/debugfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Out-of-bounds read
EUVDB-ID: #VU90317
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26952
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the smb2_tree_connect(), smb2_open(), smb2_query_dir(), smb2_get_ea(), smb2_set_info_file(), smb2_set_info(), fsctl_pipe_transceive() and smb2_ioctl() functions in fs/smb/server/smb2pdu.c, within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Infinite loop
EUVDB-ID: #VU93068
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52644
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Out-of-bounds read
EUVDB-ID: #VU90310
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35797
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the filemap_cachestat() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Out-of-bounds read
EUVDB-ID: #VU90316
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27029
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mmhub_v3_3_print_l2_protection_fault_status() function in drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Integer underflow
EUVDB-ID: #VU91671
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26927
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the sof_ipc3_fw_parse_ext_man() function in sound/soc/sof/ipc3-loader.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Improper locking
EUVDB-ID: #VU91529
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26812
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) NULL pointer dereference
EUVDB-ID: #VU90580
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26897
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Out-of-bounds read
EUVDB-ID: #VU90323
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26890
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sizeof() function in drivers/bluetooth/hci_h5.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Memory leak
EUVDB-ID: #VU90465
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26972
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mutex_unlock() function in fs/ubifs/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) NULL pointer dereference
EUVDB-ID: #VU93056
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35800
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the generic_ops_supported() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Infinite loop
EUVDB-ID: #VU93065
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27032
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the f2fs_reserve_new_block_retry() function in fs/f2fs/recovery.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Use-after-free
EUVDB-ID: #VU90180
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27052
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) NULL pointer dereference
EUVDB-ID: #VU91459
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52647
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mxc_isi_crossbar_xlate_streams() function in drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Use-after-free
EUVDB-ID: #VU90197
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Information disclosure
EUVDB-ID: #VU91353
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52652
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c, within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Improper locking
EUVDB-ID: #VU90754
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35808
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid_message() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Improper Initialization
EUVDB-ID: #VU91552
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26876
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the adv7511_probe() function in drivers/gpu/drm/bridge/adv7511/adv7511_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Improper locking
EUVDB-ID: #VU90777
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26933
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the disable_show() and disable_store() functions in drivers/usb/core/port.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Race condition within a thread
EUVDB-ID: #VU91434
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26862
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Input validation error
EUVDB-ID: #VU93684
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27033
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Memory leak
EUVDB-ID: #VU89987
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52663
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amd_sof_acp_probe() function in sound/soc/sof/amd/acp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) NULL pointer dereference
EUVDB-ID: #VU92069
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27041
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Resource management error
EUVDB-ID: #VU92985
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52648
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmw_du_cursor_plane_prepare_fb() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Memory leak
EUVDB-ID: #VU90000
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26888
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the msft_add_address_filter_sync() function in net/bluetooth/msft.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Use-after-free
EUVDB-ID: #VU91062
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26957
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Information disclosure
EUVDB-ID: #VU91359
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26953
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp6_output_tail() functions in net/ipv6/esp6.c, within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp_output_tail() functions in net/ipv4/esp4.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Input validation error
EUVDB-ID: #VU93682
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52659
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/x86/include/asm/page.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Out-of-bounds write
EUVDB-ID: #VU93594
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27436
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) NULL pointer dereference
EUVDB-ID: #VU90522
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27040
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the edp_set_replay_allow_active() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Incorrect calculation
EUVDB-ID: #VU93759
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27054
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Out-of-bounds read
EUVDB-ID: #VU91094
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27050
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bpf_xdp_query() function in tools/lib/bpf/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Use-after-free
EUVDB-ID: #VU90200
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bt_sock_recvmsg() and bt_sock_ioctl() functions in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Improper error handling
EUVDB-ID: #VU90948
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52661
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tegra_dc_rgb_probe() function in drivers/gpu/drm/tegra/rgb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Input validation error
EUVDB-ID: #VU94128
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35831
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __io_uaddr_map() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Input validation error
EUVDB-ID: #VU93686
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26946
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the can_probe() function in arch/x86/kernel/kprobes/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) NULL pointer dereference
EUVDB-ID: #VU90562
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26949
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smu_v13_0_7_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c, within the smu_v13_0_0_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c, within the sienna_cichlid_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c, within the navi10_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c, within the arcturus_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Improper resource shutdown or release
EUVDB-ID: #VU93747
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26809
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Use-after-free
EUVDB-ID: #VU90201
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26892
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mt792x_irq_handler() function in drivers/net/wireless/mediatek/mt76/mt792x_dma.c, within the mt7921_pci_remove() function in drivers/net/wireless/mediatek/mt76/mt7921/pci.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) Race condition
EUVDB-ID: #VU88148
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26654
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in sound/sh/aica.c. A local user can exploit the race and escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Information disclosure
EUVDB-ID: #VU91363
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26901
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) Improper locking
EUVDB-ID: #VU92029
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27053
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wilc_parse_join_bss_param() function in drivers/staging/wilc1000/wilc_hif.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Use of uninitialized resource
EUVDB-ID: #VU90878
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26882
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to use of uninitialized resource within the ip_tunnel_rcv() function in net/ipv4/ip_tunnel.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Improper error handling
EUVDB-ID: #VU90947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35809
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) NULL pointer dereference
EUVDB-ID: #VU90559
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26978
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max310x_i2c_slave_addr() function in drivers/tty/serial/max310x.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) NULL pointer dereference
EUVDB-ID: #VU90523
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27037
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SLCR_SWDT_CLK_SEL() and zynq_clk_setup() functions in drivers/clk/zynq/clkc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Memory leak
EUVDB-ID: #VU91643
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27391
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wilc_netdev_ifc_init() function in drivers/net/wireless/microchip/wilc1000/netdev.c, within the wilc_cfg80211_init() function in drivers/net/wireless/microchip/wilc1000/cfg80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) Improper locking
EUVDB-ID: #VU93785
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27034
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_write_single_data_page() function in fs/f2fs/data.c, within the f2fs_compress_write_end_io(), f2fs_write_raw_pages() and unlock_page() functions in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) Use-after-free
EUVDB-ID: #VU90202
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26895
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_netdev_cleanup() function in drivers/net/wireless/microchip/wilc1000/netdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Resource management error
EUVDB-ID: #VU93595
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_ttm_gart_bind() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) Memory leak
EUVDB-ID: #VU90468
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26900
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) Memory leak
EUVDB-ID: #VU89998
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26896
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wfx_set_mfp_ap() function in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) Use-after-free
EUVDB-ID: #VU90183
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Input validation error
EUVDB-ID: #VU93680
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35801
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fpu__init_cpu_xstate() function in arch/x86/kernel/fpu/xstate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Memory leak
EUVDB-ID: #VU90449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27388
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Improper locking
EUVDB-ID: #VU90776
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Memory leak
EUVDB-ID: #VU90450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Use-after-free
EUVDB-ID: #VU90167
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) Memory leak
EUVDB-ID: #VU90002
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26894
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_processor_power_exit() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Resource management error
EUVDB-ID: #VU91608
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27389
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pstore_put_backend_records() function in fs/pstore/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) Resource management error
EUVDB-ID: #VU93270
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35807
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Improper locking
EUVDB-ID: #VU90765
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27072
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usbtv_video_free() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Use-after-free
EUVDB-ID: #VU92213
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26947
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __sync_icache_dcache() function in arch/arm/mm/flush.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) Buffer overflow
EUVDB-ID: #VU92006
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26870
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfs4_listxattr() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) NULL pointer dereference
EUVDB-ID: #VU90588
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26813
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) Memory leak
EUVDB-ID: #VU90457
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48669
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the arch/powerpc/platforms/pseries/papr_platform_attributes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Input validation error
EUVDB-ID: #VU94133
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26959
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the btnxpuart_close() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Improper locking
EUVDB-ID: #VU91318
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26810
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-gke (Ubuntu package): before 6.8.0-1004.7
linux-image-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure-fde (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1008-azure (Ubuntu package): before 6.8.0-1008.8
linux-image-6.8.0-1004-gke (Ubuntu package): before 6.8.0-1004.7
External linkshttp://ubuntu.com/security/notices/USN-6817-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
