Debian update for linux

1) Out-of-bounds read

EUVDB-ID: #VU75995

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-2176

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU91599

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6270

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU85422

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-7042

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU87457

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28746

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors. A local user can gain access to sensitive information.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU82755

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-47233

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU87166

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52429

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dm_table_create() function in drivers/md/dm-table.c. A local user can pass specially crafted data to the kernel and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU88283

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-52434

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU87748

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52435

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper locking

EUVDB-ID: #VU90802

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52583

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU90230

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52584

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mtk_spmi_probe() and mtk_spmi_remove() functions in drivers/spmi/spmi-mtk-pmif.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper locking

EUVDB-ID: #VU91541

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52587

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Resource management error

EUVDB-ID: #VU93647

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52588

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to improper management of internal resources within the __clone_blkaddrs() and redirty_blocks() functions in fs/f2fs/file.c, within the set_cluster_dirty() function in fs/f2fs/compress.c. A local user can corrupt data.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper locking

EUVDB-ID: #VU91540

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52589

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rkisp1_isp_stop() function in drivers/media/platform/rockchip/rkisp1/rkisp1-isp.c, within the rkisp1_csi_disable() function in drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU90629

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52593

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the wfx_upload_ap_templates() and wfx_start_ap() functions in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU90343

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52594

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper locking

EUVDB-ID: #VU90803

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52595

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Security features bypass

EUVDB-ID: #VU92172

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52597

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

EUVDB-ID: #VU93864

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52598

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU88105

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52599

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU88104

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52600

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in fs/jfs/jfs_mount.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU88103

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52601

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in fs/jfs/jfs_dmap.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU89254

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52602

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper validation of array index

EUVDB-ID: #VU88885

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52603

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of array index within the dtSplitRoot() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU90342

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52604

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer overflow

EUVDB-ID: #VU87343

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52606

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU90841

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52607

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper Initialization

EUVDB-ID: #VU91556

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52616

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU93474

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52617

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer overflow

EUVDB-ID: #VU93617

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52618

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rnbd_srv_get_full_path() function in drivers/block/rnbd/rnbd-srv.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU93668

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52619

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper access control

EUVDB-ID: #VU89268

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52620

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Reachable assertion

EUVDB-ID: #VU90912

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52621

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Buffer overflow

EUVDB-ID: #VU93471

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52622

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper locking

EUVDB-ID: #VU92046

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52623

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU91240

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52631

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fs/ntfs3/ntfs_fs.h. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU91534

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52632

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mutex_unlock() function in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Resource management error

EUVDB-ID: #VU93282

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52633

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the time_travel_update_time(), time_travel_set_start() and timer_read() functions in arch/um/kernel/time.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU92045

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52635

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU90218

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52637

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the j1939_sk_match_dst(), j1939_sk_match_filter(), j1939_sk_init() and j1939_sk_setsockopt() functions in net/can/j1939/socket.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU90796

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52638

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the j1939_jsk_add(), j1939_sk_recv_match(), j1939_sk_recv(), j1939_sk_errqueue() and j1939_sk_netdev_event_netdown() functions in net/can/j1939/socket.c, within the j1939_netdev_start() function in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Race condition

EUVDB-ID: #VU91483

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52639

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the gmap_shadow() function in arch/s390/mm/gmap.c, within the acquire_gmap_shadow() function in arch/s390/kvm/vsie.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU90331

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52640

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ntfs_list_ea() function in fs/ntfs3/xattr.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU90592

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52641

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ni_find_attr() and run_truncate_around() functions in fs/ntfs3/attrib.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper Initialization

EUVDB-ID: #VU86579

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0340

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization within the vhost_new_msg() function in drivers/vhost/vhost.c in the Linux kernel vhost driver. A local user can run a specially crafted application to gain access to sensitive kernel information.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) NULL pointer dereference

EUVDB-ID: #VU89389

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0841

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Stack-based buffer overflow

EUVDB-ID: #VU87165

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1151

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the Open vSwitch sub-component in the Linux Kernel. A remote unauthenticated attacker can send specially crafted packets to the system. trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU88374

Risk: Medium

CVSSv4.0: 7.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green]

CVE-ID: CVE-2024-2201

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests and compromise the affected system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU87192

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-22099

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Reachable Assertion

EUVDB-ID: #VU87594

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-23850

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds read

EUVDB-ID: #VU87595

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-23851

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the copy_params() function in drivers/md/dm-ioctl.c. A remote attacker can trigger an out-of-bounds read and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Race condition

EUVDB-ID: #VU92719

Risk: Low

CVSSv4.0: 2.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-24857

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to damange or delete data.

A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Race condition

EUVDB-ID: #VU92720

Risk: Low

CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-24858

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU88887

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26581

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in net/netfilter/nft_set_rbtree.c. A locla user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Use-after-free

EUVDB-ID: #VU89002

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26582

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in net/tls/tls_sw.c during partial reads and async decrypt. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Race condition

EUVDB-ID: #VU87596

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26583

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Error handling

EUVDB-ID: #VU89001

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26584

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Race condition

EUVDB-ID: #VU89251

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26585

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Out-of-bounds write

EUVDB-ID: #VU88935

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26586

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU90663

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26590

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the z_erofs_do_map_blocks() function in fs/erofs/zmap.c, within the z_erofs_parse_cfgs() function in fs/erofs/decompressor.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Out-of-bounds read

EUVDB-ID: #VU89250

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26593

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the i801_block_transaction_by_block() function in drivers/i2c/busses/i2c-i801.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) NULL pointer dereference

EUVDB-ID: #VU89249

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26600

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper locking

EUVDB-ID: #VU93770

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26601

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_generate_buddy() and mb_free_blocks() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource exhaustion

EUVDB-ID: #VU87499

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26602

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Infinite loop

EUVDB-ID: #VU89248

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26603

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in arch/x86/kernel/fpu/signal.c. A local user can consume all available system resources and cause denial of service conditions.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Resource management error

EUVDB-ID: #VU89247

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26606

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the binder_enqueue_thread_work_ilocked() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Resource exhaustion

EUVDB-ID: #VU94108

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26621

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to system forces huge page alignment on 32-bit systems in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use-after-free

EUVDB-ID: #VU87193

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26622

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tomoyo_write_control() function. A local  user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU87344

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26625

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) NULL pointer dereference

EUVDB-ID: #VU90631

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26626

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the udp_queue_rcv_one_skb() function in net/ipv4/udp.c, within the raw_rcv_skb() function in net/ipv4/raw.c, within the ipmr_cache_report() function in net/ipv4/ipmr.c, within the ipv4_pktinfo_prepare() function in net/ipv4/ip_sockglue.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Improper locking

EUVDB-ID: #VU88101

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26627

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to improper locking when calling the scsi_host_busy() function. A local user can perform a denial of service attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper locking

EUVDB-ID: #VU91536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26629

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Infinite loop

EUVDB-ID: #VU91417

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26639

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the include/linux/mmzone.h, arch/x86/include/asm/kmsan.h. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Resource management error

EUVDB-ID: #VU89397

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26640

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Access of Uninitialized Pointer

EUVDB-ID: #VU89396

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-26641

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper access control

EUVDB-ID: #VU88150

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26642

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Race condition

EUVDB-ID: #VU88135

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26643

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nf_tables_unbind_set() function in net/netfilter/nf_tables_api.c. A local user can exploit the race and escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Unchecked Return Value

EUVDB-ID: #VU87902

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26651

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Race condition

EUVDB-ID: #VU88148

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26654

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in sound/sh/aica.c. A local user can exploit the race and escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Buffer overflow

EUVDB-ID: #VU93244

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26659

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Out-of-bounds read

EUVDB-ID: #VU90334

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26660

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dcn301_stream_encoder_create() function in drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU92073

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26663

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Out-of-bounds read

EUVDB-ID: #VU90335

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26664

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the create_core_data() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Out-of-bounds read

EUVDB-ID: #VU90336

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26665

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iptunnel_pmtud_build_icmpv6() function in net/ipv4/ip_tunnel_core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU93769

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26667

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dpu_encoder_helper_phys_cleanup() function in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Buffer overflow

EUVDB-ID: #VU92977

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26671

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Input validation error

EUVDB-ID: #VU94118

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26673

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Input validation error

EUVDB-ID: #VU90858

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26675

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Out-of-bounds read

EUVDB-ID: #VU90337

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26676

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the unix_gc() function in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Improper locking

EUVDB-ID: #VU92044

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Use-after-free

EUVDB-ID: #VU93350

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26680

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aq_ring_free() function in drivers/net/ethernet/aquantia/atlantic/aq_ring.c, within the aq_ptp_ring_alloc() and aq_ptp_ring_free() functions in drivers/net/ethernet/aquantia/atlantic/aq_ptp.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Improper locking

EUVDB-ID: #VU91453

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26681

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nsim_dev_trap_report_work() function in drivers/net/netdevsim/dev.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper error handling

EUVDB-ID: #VU90952

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26684

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the dwxgmac3_handle_dma_err(), dwxgmac3_safety_feat_config(), dwxgmac3_safety_feat_irq_status() and dwxgmac3_safety_feat_dump() functions in drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Race condition

EUVDB-ID: #VU91481

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26685

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Improper locking

EUVDB-ID: #VU91530

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26686

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_task_stat() function in fs/proc/array.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Improper locking

EUVDB-ID: #VU92043

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26687

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) NULL pointer dereference

EUVDB-ID: #VU90603

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26688

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Use-after-free

EUVDB-ID: #VU90220

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26689

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) NULL pointer dereference

EUVDB-ID: #VU90604

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26695

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/crypto/ccp/sev-dev.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper locking

EUVDB-ID: #VU90795

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26696

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_page_mkwrite() function in fs/nilfs2/file.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Information disclosure

EUVDB-ID: #VU91365

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26697

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the nilfs_prepare_segment_for_recovery(), nilfs_recovery_copy_block() and nilfs_recover_dsync_blocks() functions in fs/nilfs2/recovery.c. A local user can gain access to sensitive information.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Race condition

EUVDB-ID: #VU91482

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26698

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the netvsc_device_remove() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) NULL pointer dereference

EUVDB-ID: #VU90605

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26700

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_atomic_check() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Out-of-bounds read

EUVDB-ID: #VU91100

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26702

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rm3100_common_probe() function in drivers/iio/magnetometer/rm3100-core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Double free

EUVDB-ID: #VU90929

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26704

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Improper error handling

EUVDB-ID: #VU92945

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26706

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the fixup_exception() function in arch/parisc/mm/fault.c, within the emulate_ldh(), emulate_ldw(), emulate_ldd(), emulate_sth(), emulate_stw() and emulate_std() functions in arch/parisc/kernel/unaligned.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Resource management error

EUVDB-ID: #VU93206

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26707

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the send_hsr_supervision_frame() and send_prp_supervision_frame() functions in net/hsr/hsr_device.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Stack-based buffer overflow

EUVDB-ID: #VU91301

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26710

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the arch/powerpc/include/asm/thread_info.h. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Buffer overflow

EUVDB-ID: #VU93400

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26712

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the kasan_init_region() function in arch/powerpc/mm/kasan/kasan_init_32.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Input validation error

EUVDB-ID: #VU94137

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26714

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/interconnect/qcom/sc8180x.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) NULL pointer dereference

EUVDB-ID: #VU90608

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26715

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_gadget_suspend() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU93058

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26717

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i2c_hid_of_probe() function in drivers/hid/i2c-hid/i2c-hid-of.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Buffer overflow

EUVDB-ID: #VU91203

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26718

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the verity_work() and verity_end_io() functions in drivers/md/dm-verity-target.c, within the crypt_io_init(), crypt_inc_pending(), crypt_dec_pending(), kcryptd_crypt() and kcryptd_queue_crypt() functions in drivers/md/dm-crypt.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Division by zero

EUVDB-ID: #VU91379

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26720

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Improper locking

EUVDB-ID: #VU90793

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26722

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rt5645_jack_detect_work() function in sound/soc/codecs/rt5645.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) NULL pointer dereference

EUVDB-ID: #VU90610

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26723

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lan966x_lag_set_aggr_pgids() function in drivers/net/ethernet/microchip/lan966x/lan966x_lag.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Improper locking

EUVDB-ID: #VU90791

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26726

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the clear_extent_uptodate() function in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Reachable assertion

EUVDB-ID: #VU90911

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26727

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU90593

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26731

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sk_psock_verdict_data_ready() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Buffer overflow

EUVDB-ID: #VU92952

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26733

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Use-after-free

EUVDB-ID: #VU90215

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26735

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Buffer overflow

EUVDB-ID: #VU92007

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26736

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the afs_update_volume_status() function in fs/afs/volume.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Race condition

EUVDB-ID: #VU88938

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26737

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition between the bpf_timer_cancel_and_free and bpf_timer_cancel calls in kernel/bpf/helpers.c. A local user can exploit the race and escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Resource management error

EUVDB-ID: #VU93259

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26741

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the net/ipv4/inet_hashtables.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Resource management error

EUVDB-ID: #VU93205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26742

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pqi_map_queues() function in drivers/scsi/smartpqi/smartpqi_init.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Improper locking

EUVDB-ID: #VU92042

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26743

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) NULL pointer dereference

EUVDB-ID: #VU90596

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26744

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) NULL pointer dereference

EUVDB-ID: #VU90591

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26745

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iommu_table_setparms(), pci_dma_find(), pci_dma_bus_setup_pSeriesLP(), find_existing_ddw_windows_named() and pci_dma_dev_setup_pSeriesLP() functions in arch/powerpc/platforms/pseries/iommu.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) NULL pointer dereference

EUVDB-ID: #VU90598

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26747

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usb_role_switch_get(), fwnode_usb_role_switch_get(), EXPORT_SYMBOL_GPL(), usb_role_switch_find_by_fwnode() and usb_role_switch_register() functions in drivers/usb/roles/class.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Use-after-free

EUVDB-ID: #VU90213

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26748

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cdns3_gadget_giveback() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Use-after-free

EUVDB-ID: #VU90216

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26749

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cdns3_gadget_ep_disable() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Out-of-bounds read

EUVDB-ID: #VU90327

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26750

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the unix_gc() function in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Infinite loop

EUVDB-ID: #VU93671

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26751

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the GPIO_LOOKUP_IDX() function in arch/arm/mach-ep93xx/core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Incorrect calculation

EUVDB-ID: #VU89392

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26752

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Stack-based buffer overflow

EUVDB-ID: #VU91300

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26753

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the virtio_crypto_dataq_akcipher_callback() and virtio_crypto_alg_akcipher_init_session() functions in drivers/crypto/virtio/virtio_crypto_akcipher_algs.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Use-after-free

EUVDB-ID: #VU90217

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26754

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Race condition

EUVDB-ID: #VU91479

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26759

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the swapcache_prepare() function in mm/swapfile.c, within the do_swap_page() and folio_unlock() functions in mm/memory.c. A local user can escalate privileges on the system.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) NULL pointer dereference

EUVDB-ID: #VU90599

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26760

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/target/target_core_pscsi.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Resource management error

EUVDB-ID: #VU93779

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26761

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __cxl_hdm_decode_init() function in drivers/cxl/core/pci.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Resource management error

EUVDB-ID: #VU93859

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26763

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Resource management error

EUVDB-ID: #VU93844

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26764

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Resource management error

EUVDB-ID: #VU93204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26765

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the play_dead() function in arch/loongarch/kernel/smp.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Off-by-one

EUVDB-ID: #VU89678

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26766

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an off-by-one error within the _pad_sdma_tx_descs() function in drivers/infiniband/hw/hfi1/sdma.c. A local user can trigger an off-by-one error and execute arbitrary code with elevated privileges.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Improper locking

EUVDB-ID: #VU90787

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26769

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) NULL pointer dereference

EUVDB-ID: #VU90602

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26771

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the edma_probe() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Improper locking

EUVDB-ID: #VU92041

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26772

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Improper locking

EUVDB-ID: #VU93787

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26773

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Division by zero

EUVDB-ID: #VU93751

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26774

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the mb_update_avg_fragment_size() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 6.1.85-1.

Debian Linux: All versions

linux (Debian package): before 6.1.85-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00066.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.