Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 124 |
CVE-ID | CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2022-0001 CVE-2024-2201 CVE-2024-23849 CVE-2024-24860 CVE-2023-52635 CVE-2024-26632 CVE-2023-52468 CVE-2023-52472 CVE-2023-52589 CVE-2024-26671 CVE-2024-26640 CVE-2024-26631 CVE-2023-52489 CVE-2023-52616 CVE-2023-52445 CVE-2023-52463 CVE-2024-26610 CVE-2023-52497 CVE-2023-52453 CVE-2023-52470 CVE-2024-26649 CVE-2023-52583 CVE-2024-26644 CVE-2023-52607 CVE-2023-52587 CVE-2024-26594 CVE-2023-52618 CVE-2023-52495 CVE-2023-52632 CVE-2024-26583 CVE-2023-52633 CVE-2023-52591 CVE-2024-26633 CVE-2023-52627 CVE-2024-26670 CVE-2024-26598 CVE-2024-26592 CVE-2023-52473 CVE-2023-52623 CVE-2023-52446 CVE-2023-52443 CVE-2023-52451 CVE-2024-26629 CVE-2023-52462 CVE-2024-26808 CVE-2023-52598 CVE-2023-52611 CVE-2023-52492 CVE-2023-52456 CVE-2023-52626 CVE-2023-52455 CVE-2024-26641 CVE-2023-52588 CVE-2023-52608 CVE-2024-26618 CVE-2024-26582 CVE-2023-52609 CVE-2023-52604 CVE-2024-26646 CVE-2024-26634 CVE-2023-52469 CVE-2023-52467 CVE-2023-52447 CVE-2024-26623 CVE-2023-52621 CVE-2024-26647 CVE-2024-26615 CVE-2023-52450 CVE-2023-52619 CVE-2023-52610 CVE-2023-52606 CVE-2023-52464 CVE-2023-52465 CVE-2024-26638 CVE-2023-52498 CVE-2024-26625 CVE-2023-52449 CVE-2023-52584 CVE-2023-52454 CVE-2023-52458 CVE-2024-26585 CVE-2024-26669 CVE-2023-52493 CVE-2024-26645 CVE-2024-26607 CVE-2023-52615 CVE-2023-52617 CVE-2024-26612 CVE-2024-26668 CVE-2023-52594 CVE-2023-52612 CVE-2024-26584 CVE-2024-26586 CVE-2024-26616 CVE-2024-26673 CVE-2023-52448 CVE-2024-26620 CVE-2023-52614 CVE-2024-26636 CVE-2023-52602 CVE-2023-52452 CVE-2023-52601 CVE-2024-26635 CVE-2024-26627 CVE-2023-52488 CVE-2023-52487 CVE-2023-52597 CVE-2023-52494 CVE-2023-52444 CVE-2024-26608 CVE-2023-52593 CVE-2023-52491 CVE-2023-52595 CVE-2023-52599 CVE-2024-26595 CVE-2023-52622 CVE-2024-26650 CVE-2024-26614 CVE-2023-52490 CVE-2023-52486 CVE-2023-52457 |
CWE-ID | CWE-476 CWE-200 CWE-1037 CWE-193 CWE-362 CWE-667 CWE-416 CWE-119 CWE-399 CWE-366 CWE-665 CWE-400 CWE-125 CWE-20 CWE-825 CWE-824 CWE-401 CWE-388 CWE-617 CWE-787 CWE-908 CWE-682 CWE-190 CWE-254 CWE-833 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-oem-22.04d (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04c (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04b (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04a (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-1022-oem (Ubuntu package) Operating systems & Components / Operating system package or component |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 124 vulnerabilities.
EUVDB-ID: #VU85854
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6356
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_iovec() function in the Linux kernel's NVMe driver. A remote attacker can pass specially crafted TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85853
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6535
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_execute_request() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85852
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6536
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the __nvmet_req_complete() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61198
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-0001
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88374
Risk: Medium
CVSSv3.1: 7.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-2201
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests and compromise the affected system.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86019
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23849
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rds_recv_track_latency() function in net/rds/af_rds.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86580
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24860
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel bluetooth device driver. A remote attacker with physical proximity to device can send specially crafted packets to the system and crash the kernel.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92045
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52635
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90621
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26632
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/bio.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90260
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52468
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the class_register() function in drivers/base/class.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91244
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52472
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rsa_check_exponent_fips() function in crypto/rsa.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91540
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rkisp1_isp_stop() function in drivers/media/platform/rockchip/rkisp1/rkisp1-isp.c, within the rkisp1_csi_disable() function in drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92977
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26671
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89397
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26640
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91436
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26631
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the ipv6_mc_down() function in net/ipv6/mcast.c. A local user can manipulate data.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89388
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52489
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the section_deactivate() function in mm/sparse.c. A local user can exploit the race and escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91556
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52616
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87745
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52445
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in pvrusb2. A local user can execute arbitrary code with elevated privileges.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90660
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52463
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89679
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26610
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93097
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52497
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93167
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52453
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hisi_acc_vf_resume_write() and hisi_acc_vf_save_read() functions in drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92074
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52470
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90613
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26649
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gfx_v10_0_init_microcode() function in drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90802
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91535
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26644
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90841
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91541
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86813
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling SMB2 Mech Tokens. A remote attacker can send specially crafted packets to ksmbd, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93617
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52618
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rnbd_srv_get_full_path() function in drivers/block/rnbd/rnbd-srv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90861
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52495
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pmic_glink_altmode_sc8180xp_notify() and pmic_glink_altmode_sc8280xp_notify() functions in drivers/soc/qcom/pmic_glink_altmode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91534
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52632
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mutex_unlock() function in drivers/gpu/drm/amd/amdkfd/kfd_svm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87596
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26583
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93282
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52633
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the time_travel_update_time(), time_travel_set_start() and timer_read() functions in arch/um/kernel/time.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91538
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52591
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89267
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26633
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90612
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52627
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the BIT() function in drivers/iio/adc/ad7091r5.c, within the BIT() and ad7091r_read_event_config() functions in drivers/iio/adc/ad7091r-base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93299
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26670
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the arch/arm64/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90262
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26598
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86812
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26592
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a race condition when handling TCP connect and disconnect events within the ksmbd_tcp_new_connection() function in
ksmbd. A remote non-authenticated attacker can trigger a use-after-free error and crash the kernel or execute arbitrary code on the system.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90656
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52473
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the device_del() function in drivers/thermal/thermal_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92046
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52623
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90263
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52446
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_map_free_deferred() and bpf_map_put() functions in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89245
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52443
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unpack_profile() function in security/apparmor/policy_unpack.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88891
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52451
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91536
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26629
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89237
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52462
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a boundary error within the check_stack_write_fixed_off() function in kernel/bpf/verifier.c. A local user can trigger memory corruption and crash the kernel.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93809
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26808
CWE-ID:
CWE-825 - Expired pointer dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93864
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52598
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93161
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52611
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rtw_sdio_get_tx_addr() function in drivers/net/wireless/realtek/rtw88/sdio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90626
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52492
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89243
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52456
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.
The vulnerability exists due to double-locking error within the imx_uart_stop_tx() function in drivers/tty/serial/imx.c. A local user can crash the OS kernel.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91401
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52626
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mlx5e_ptp_handle_ts_cqe() function in drivers/net/ethernet/mellanox/mlx5/core/en/ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93166
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52455
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to memory corruption within the of_iommu_get_resv_regions() function in drivers/iommu/of_iommu.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89396
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26641
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93647
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52588
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the __clone_blkaddrs() and redirty_blocks() functions in fs/f2fs/file.c, within the set_cluster_dirty() function in fs/f2fs/compress.c. A local user can corrupt data.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92973
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52608
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the shmem_poll_done() function in drivers/firmware/arm_scmi/shmem.c, within the rx_callback() function in drivers/firmware/arm_scmi/mailbox.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91654
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26618
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fpsimd_release_task() function in arch/arm64/kernel/fpsimd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89002
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26582
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/tls/tls_sw.c during partial reads and async decrypt. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91484
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52609
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the binder_update_page_range() function in drivers/android/binder_alloc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90342
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52604
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91204
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26646
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hfi_parse_features() and intel_hfi_init() functions in drivers/thermal/intel/intel_hfi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93655
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26634
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the default_device_exit_net() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89235
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52469
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89236
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52467
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the of_syscon_register() function in drivers/mfd/syscon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87740
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52447
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in
bpf. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90630
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26623
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pdsc_setup(), pdsc_stop() and pdsc_fw_down() functions in drivers/net/ethernet/amd/pds_core/core.c, within the pdsc_process_notifyq(), pdsc_process_adminq(), pds_core_intr_credits(), pdsc_adminq_isr(), pdsc_adminq_post() and queue_work() functions in drivers/net/ethernet/amd/pds_core/adminq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90912
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52621
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90614
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26647
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the link_set_dsc_pps_packet() function in drivers/gpu/drm/amd/display/dc/link/link_dpms.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90627
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26615
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __smc_diag_dump() function in net/smc/smc_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90661
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52450
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the discover_upi_topology() function in arch/x86/events/intel/uncore_snbep.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93668
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52619
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89382
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52610
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87343
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52606
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88895
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52464
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the thunderx_ocx_com_threaded_isr() function in drivers/edac/thunderx_edac.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90654
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52465
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smb2_probe() function in drivers/power/supply/qcom_pmi8998_charger.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90881
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26638
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __sock_xmit() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90800
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52498
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dev_pm_skip_resume(), complete_all(), dpm_async_fn(), dpm_noirq_resume_devices(), dpm_resume_noirq(), pm_runtime_enable(), dpm_resume_early(), dpm_resume_start(), device_resume() and dpm_resume() functions in drivers/base/power/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87344
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26625
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87742
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52449
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in mtd. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90230
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52584
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_spmi_probe() and mtk_spmi_remove() functions in drivers/spmi/spmi-mtk-pmif.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89244
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52454
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90657
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52458
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the blkpg_do_ioctl() function in block/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89251
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26585
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26669
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91537
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52493
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the parse_xfer_event() function in drivers/bus/mhi/host/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93762
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26645
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __tracing_map_insert() function in kernel/trace/tracing_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90640
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sii902x_init() and sii902x_probe() functions in drivers/gpu/drm/bridge/sii902x.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90798
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52615
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93474
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52617
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92991
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26612
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXPORT_SYMBOL() function in fs/fscache/cache.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91180
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26668
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90343
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52594
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_htc_txstatus() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91314
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52612
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scomp_acomp_comp_decomp() function in crypto/scompress.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89001
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88935
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26586
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90229
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26616
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the scrub_read_endio() and scrub_submit_initial_read() functions in fs/btrfs/scrub.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94118
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26673
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87741
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52448
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in gfs2_rgrp_dump() function. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94143
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26620
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vfio_ap_mdev_filter_cdoms(), vfio_ap_mdev_filter_matrix(), assign_adapter_store(), assign_domain_store(), vfio_ap_mdev_probe_queue() and vfio_ap_on_cfg_changed() functions in drivers/s390/crypto/vfio_ap_ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91315
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52614
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90859
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26636
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89254
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52602
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the dtSearch() function in fs/jfs/jfs_dtree.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87743
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52452
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization in bpf. A local user can run a specially crafted application to execute arbitrary code with escalated privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88103
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52601
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/jfs/jfs_dmap.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90880
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26635
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cpu_to_be16() function in net/llc/llc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88101
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26627
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to improper locking when calling the scsi_host_busy() function. A local user can perform a denial of service attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94144
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90625
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52487
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_tc_del_fdb_peer_flow() function in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92172
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52597
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91209
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52494
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mhi_del_ring_element() function in drivers/bus/mhi/host/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90918
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52444
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to reachable assertion within the f2fs_rename() function in fs/f2fs/namei.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90341
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26608
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the handle_unsupported_event() and handle_generic_event() functions in fs/ksmbd/transport_ipc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90629
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52593
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wfx_upload_ap_templates() and wfx_start_ap() functions in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90228
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52491
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtk_jpeg_dec_device_run() function in drivers/media/platform/mtk-jpeg/mtk_jpeg_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90803
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU88105
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52599
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the diNewExt() function in fs/jfs/jfs_imap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87369
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26595
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the spectrum_acl_tcam() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93471
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89238
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26650
CWE-ID:
CWE-833 - Deadlock
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock in drivers/platform/x86/p2sb.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91320
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26614
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90624
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52490
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mm/migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90801
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52486
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89242
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52457
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the omap8250_remove() function in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1022.24
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1022.24
linux-image-6.5.0-1022-oem (Ubuntu package): before 6.5.0-1022.23
External linkshttp://ubuntu.com/security/notices/USN-6765-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.