Risk | High |
Patch available | YES |
Number of vulnerabilities | 46 |
CVE-ID | CVE-2023-1194 CVE-2023-32254 CVE-2023-32258 CVE-2023-38427 CVE-2023-38430 CVE-2023-38431 CVE-2023-3867 CVE-2023-46838 CVE-2023-52340 CVE-2023-52429 CVE-2024-23851 CVE-2024-22705 CVE-2024-23850 CVE-2024-24860 CVE-2023-52463 CVE-2023-52445 CVE-2023-52462 CVE-2023-52609 CVE-2023-52448 CVE-2023-52457 CVE-2023-52464 CVE-2023-52456 CVE-2023-52454 CVE-2023-52438 CVE-2023-52480 CVE-2023-52443 CVE-2023-52442 CVE-2024-26631 CVE-2023-52439 CVE-2023-52612 CVE-2024-26598 CVE-2024-26586 CVE-2024-26589 CVE-2023-52444 CVE-2023-52436 CVE-2024-26633 CVE-2024-26597 CVE-2023-52458 CVE-2024-26591 CVE-2023-52449 CVE-2023-52467 CVE-2023-52441 CVE-2023-52610 CVE-2023-52451 CVE-2023-52469 CVE-2023-52470 |
CWE-ID | CWE-125 CWE-362 CWE-190 CWE-20 CWE-400 CWE-754 CWE-617 CWE-476 CWE-416 CWE-119 CWE-787 CWE-667 CWE-366 CWE-200 CWE-401 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Ubuntu (Operating systems & Components / Operating system); linux-image-aws (Ubuntu package), linux-image-aws-lts-22.04 (Ubuntu package), linux-image-5.15.0-1057-aws (Ubuntu package) (Operating systems & Components / Operating system package or component) |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 46 vulnerabilities.
EUVDB-ID: #VU92725
Risk: Low
CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1194
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote user to read data or crash the application.
An out-of-bounds (OOB) memory read flaw was found in `parse_lease_state()` in the KSMBD implementation of the in-kernel Samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77498
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-32254
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a race condition within fs/ksmbd/mgmt/tree_connect.c in ksmbd in the Linux kernel when processing SMB2_TREE_DISCONNECT commands. A remote attacker can trigger a use-after-free error using concurrent SMB2 tree disconnect requests and execute arbitrary code on the system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU80501
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-32258
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition when processing SMB2_LOGOFF and SMB2_CLOSE commands in ksmbd. A remote attacker can send specially crafted data to the server and execute arbitrary code on the system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81658
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-38427
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the deassemble_neg_contexts() function in fs/smb/server/smb2pdu.c in ksmbd. A remote attacker can send specially crafted data to ksmbd, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79477
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-38430
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ksmbd when handling the SMB request protocol ID. A remote attacker can send specially crafted packets to the system to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81659
Risk: Medium
CVSSv4.0: 5 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-38431
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in fs/smb/server/connection.c within ksmbd. A remote attacker can send specially crafted data to the system, trigger an out-of-bounds read error and read contents of memory or perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82661
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-3867
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the KSMBD implementation in the Linux kernel. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85682
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-46838
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows an unprivileged guest to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of network packets at the backend. An unprivileged guest can send zero-length packets to the OS kernel and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88378
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52340
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing very large ICMPv6 packets. A remote attacker can send a flood of IPv6 ICMP6 PTB messages and cause high lock contention and increased CPU usage, leading to a denial of service.
Successful vulnerability exploitation requires an attacker to be on the local network or have a high bandwidth connection.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87166
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52429
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dm_table_create() function in drivers/md/dm-table.c. A local user can pass specially crafted data to the kernel and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87595
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the copy_params() function in drivers/md/dm-ioctl.c. A remote attacker can trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86554
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-22705
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c in the Linux kernel ksmbd. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87594
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23850
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86580
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-24860
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel Bluetooth device driver. A remote attacker with physical proximity to the device can send specially crafted packets to the system and crash the kernel.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90660
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52463
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87745
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52445
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89237
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52462
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a boundary error within the check_stack_write_fixed_off() function in kernel/bpf/verifier.c. A local user can trigger memory corruption and crash the kernel.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91484
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52609
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87741
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52448
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the gfs2_rgrp_dump() function. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89242
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52457
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the omap8250_remove() function in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88895
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52464
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89243
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52456
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack on the target system.
The vulnerability exists due to a double-locking error within the imx_uart_stop_tx() function in drivers/tty/serial/imx.c. A local user can crash the OS kernel.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89244
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52454
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87593
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52438
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the binder_alloc_free_page() function in drivers/android/binder_alloc.c. A local user can trigger a race condition and escalate privileges on the system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90249
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52480
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ksmbd_expire_session(), ksmbd_sessions_deregister() and ksmbd_session_lookup() functions in fs/ksmbd/mgmt/user_session.c, and within the ksmbd_conn_alloc() function in fs/ksmbd/connection.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89245
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52443
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unpack_profile() function in security/apparmor/policy_unpack.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94148
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52442
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the lookup_chann_list(), smb2_get_ksmbd_tcon(), smb2_allocate_rsp_buf() and smb2_check_user_session() functions in fs/ksmbd/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91436
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26631
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
Description
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the ipv6_mc_down() function in net/ipv6/mcast.c. A local user can manipulate data.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87573
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52439
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uio_open() function in drivers/uio/uio.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91314
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52612
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90262
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26598
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88935
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26586
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88886
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26589
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the adjust_ptr_min_max_vals() function in kernel/bpf/verifier.c. A local user can crash the OS kernel.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90918
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52444
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a reachable assertion within the f2fs_rename() function in fs/f2fs/namei.c. A local user can execute arbitrary code.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87592
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52436
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists because the __f2fs_setxattr() function in fs/f2fs/xattr.c does not clear the unused space in the xattr list by default. A local user can gain access to potentially sensitive information.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89267
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26633
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87682
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26597
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c when parsing the netlink attributes. A local user can trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90657
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52458
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88888
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26591
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the bpf_tracing_prog_attach() function in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87742
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52449
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in mtd. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89236
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52467
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the of_syscon_register() function in drivers/mfd/syscon.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91105
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52441
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the init_smb1_server() function in fs/ksmbd/smb_common.c, and within the handle_ksmbd_work() and queue_ksmbd_work() functions in fs/ksmbd/server.c. A local user can execute arbitrary code.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89382
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52610
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack on the target system.
The vulnerability exists due to a memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform a denial of service attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88891
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52451
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89235
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52469
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52470
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-aws to the latest version.
Vulnerable software versions
Ubuntu: 20.04 - 22.04
linux-image-aws (Ubuntu package): before 5.15.0.1057.63~20.04.1
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1057.58
linux-image-5.15.0-1057-aws (Ubuntu package): before 5.15.0-1057.63~20.04.1
CPE2.3
https://ubuntu.com/security/notices/USN-6725-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.