Ubuntu update for linux-gkeop



Risk Medium
Patch available YES
Number of vulnerabilities 151
CVE-ID CVE-2023-6270
CVE-2023-7042
CVE-2024-0841
CVE-2024-22099
CVE-2024-27432
CVE-2024-26877
CVE-2024-35829
CVE-2024-26737
CVE-2024-27075
CVE-2024-27414
CVE-2024-27053
CVE-2024-26889
CVE-2024-26792
CVE-2024-26882
CVE-2024-26906
CVE-2024-26851
CVE-2024-27037
CVE-2024-26782
CVE-2024-27388
CVE-2024-26748
CVE-2024-27419
CVE-2024-27034
CVE-2023-52662
CVE-2024-27047
CVE-2024-26874
CVE-2024-26779
CVE-2024-26872
CVE-2024-26820
CVE-2024-35811
CVE-2024-26771
CVE-2024-26733
CVE-2024-26903
CVE-2024-26736
CVE-2024-26870
CVE-2024-26883
CVE-2024-27403
CVE-2024-26878
CVE-2024-26857
CVE-2023-52645
CVE-2024-26601
CVE-2024-26891
CVE-2024-27028
CVE-2024-27054
CVE-2024-26804
CVE-2024-27405
CVE-2024-35830
CVE-2024-26898
CVE-2024-26754
CVE-2024-26793
CVE-2024-26747
CVE-2024-26901
CVE-2023-52652
CVE-2023-52650
CVE-2024-26651
CVE-2024-26816
CVE-2024-35845
CVE-2024-26862
CVE-2024-26884
CVE-2024-26752
CVE-2024-26852
CVE-2023-52656
CVE-2024-26790
CVE-2024-26603
CVE-2024-27078
CVE-2024-26802
CVE-2024-27045
CVE-2024-27024
CVE-2024-27073
CVE-2024-26585
CVE-2024-26894
CVE-2024-26583
CVE-2024-27416
CVE-2024-27431
CVE-2024-35844
CVE-2024-26838
CVE-2024-27410
CVE-2024-26915
CVE-2024-26772
CVE-2024-26897
CVE-2024-26798
CVE-2024-27415
CVE-2024-26855
CVE-2024-26833
CVE-2024-26764
CVE-2024-26659
CVE-2024-26846
CVE-2024-26895
CVE-2023-52644
CVE-2024-26751
CVE-2024-26880
CVE-2024-26863
CVE-2024-26809
CVE-2024-27052
CVE-2024-27051
CVE-2024-26907
CVE-2024-27413
CVE-2024-26801
CVE-2023-52620
CVE-2024-26749
CVE-2024-26787
CVE-2024-27046
CVE-2024-26803
CVE-2024-26744
CVE-2024-26879
CVE-2024-27412
CVE-2024-26791
CVE-2024-26773
CVE-2023-52640
CVE-2024-26778
CVE-2024-26859
CVE-2024-27044
CVE-2024-26788
CVE-2024-27077
CVE-2024-26750
CVE-2024-26861
CVE-2023-52434
CVE-2024-26774
CVE-2024-26795
CVE-2024-26856
CVE-2024-27043
CVE-2024-27039
CVE-2024-26777
CVE-2024-27030
CVE-2024-26584
CVE-2024-26735
CVE-2024-26805
CVE-2024-26766
CVE-2024-26763
CVE-2024-27065
CVE-2023-52641
CVE-2024-27417
CVE-2023-52497
CVE-2023-52447
CVE-2024-26769
CVE-2024-26843
CVE-2024-26881
CVE-2024-26688
CVE-2024-26743
CVE-2024-27038
CVE-2024-27390
CVE-2024-27436
CVE-2024-26839
CVE-2024-27074
CVE-2024-26840
CVE-2024-27076
CVE-2024-26835
CVE-2024-26885
CVE-2024-26776
CVE-2024-26845
CVE-2024-26875
CVE-2024-35828
CWE-ID CWE-416
CWE-476
CWE-399
CWE-401
CWE-362
CWE-121
CWE-119
CWE-667
CWE-415
CWE-908
CWE-388
CWE-125
CWE-366
CWE-191
CWE-682
CWE-200
CWE-252
CWE-20
CWE-477
CWE-835
CWE-404
CWE-284
CWE-665
CWE-369
CWE-193
CWE-400
CWE-787
Exploitation vector Network
Public exploit N/A
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gkeop-5.15 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gkeop (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1060-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1046-gkeop (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 151 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU91599

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6270

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU85422

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-7042

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU89389

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0841

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU87192

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-22099

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU93774

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27432

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mtk_ppe_start() and mtk_ppe_stop() functions in drivers/net/ethernet/mediatek/mtk_ppe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU93200

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26877

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU90446

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35829

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lima_heap_alloc() function in drivers/gpu/drm/lima/lima_gem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Race condition

EUVDB-ID: #VU88938

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26737

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition between the bpf_timer_cancel_and_free and bpf_timer_cancel calls in kernel/bpf/helpers.c. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Stack-based buffer overflow

EUVDB-ID: #VU91298

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27075

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU92951

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27414

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the rtnl_bridge_setlink() function in net/core/rtnetlink.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper locking

EUVDB-ID: #VU92029

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27053

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wilc_parse_join_bss_param() function in drivers/staging/wilc1000/wilc_hif.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU91312

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26889

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Double free

EUVDB-ID: #VU90897

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26792

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the create_pending_snapshot() function in fs/btrfs/transaction.c, within the create_subvol() function in fs/btrfs/ioctl.c, within the btrfs_free_fs_info(), btrfs_init_fs_root(), btrfs_put_root() and btrfs_get_fs_root() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use of uninitialized resource

EUVDB-ID: #VU90878

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26882

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to use of uninitialized resource within the ip_tunnel_rcv() function in net/ipv4/ip_tunnel.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper error handling

EUVDB-ID: #VU92944

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26906

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the copy_from_kernel_nofault_allowed() function in arch/x86/mm/maccess.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU91096

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26851

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU90523

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27037

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the SLCR_SWDT_CLK_SEL() and zynq_clk_setup() functions in drivers/clk/zynq/clkc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Double free

EUVDB-ID: #VU90927

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26782

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU90449

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27388

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU90213

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26748

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cdns3_gadget_giveback() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Race condition within a thread

EUVDB-ID: #VU91429

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27419

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU93785

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27034

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_write_single_data_page() function in fs/f2fs/data.c, within the f2fs_compress_write_end_io(), f2fs_write_raw_pages() and unlock_page() functions in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Memory leak

EUVDB-ID: #VU90444

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52662

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) NULL pointer dereference

EUVDB-ID: #VU90520

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27047

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the phy_get_internal_delay() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU90575

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26874

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_finish_page_flip() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Race condition

EUVDB-ID: #VU91480

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26779

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the ieee80211_check_fast_xmit() function in net/mac80211/tx.c, within the sta_info_insert_finish() function in net/mac80211/sta_info.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU90199

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26872

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU93775

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26820

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU90164

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35811

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU90602

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26771

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the edma_probe() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU92952

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26733

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) NULL pointer dereference

EUVDB-ID: #VU92070

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26903

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Buffer overflow

EUVDB-ID: #VU92007

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26736

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the afs_update_volume_status() function in fs/afs/volume.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Buffer overflow

EUVDB-ID: #VU92006

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26870

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nfs4_listxattr() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Buffer overflow

EUVDB-ID: #VU91602

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26883

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Integer underflow

EUVDB-ID: #VU91669

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27403

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the flow_offload_dst_cookie() and nft_flow_dst_release() functions in net/netfilter/nf_flow_table_core.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) NULL pointer dereference

EUVDB-ID: #VU90574

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26878

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use of uninitialized resource

EUVDB-ID: #VU90876

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26857

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the geneve_rx() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Race condition

EUVDB-ID: #VU91477

Risk: Low

CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52645

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the scpsys_add_subdomain() and scpsys_remove_one_domain() functions in drivers/soc/mediatek/mtk-pm-domains.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU93770

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26601

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_generate_buddy() and mb_free_blocks() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper locking

EUVDB-ID: #VU91524

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26891

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the devtlb_invalidation_with_pasid() function in drivers/iommu/intel/pasid.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU90555

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Incorrect calculation

EUVDB-ID: #VU93759

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27054

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU90212

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26804

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer overflow

EUVDB-ID: #VU93154

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27405

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Resource management error

EUVDB-ID: #VU93591

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35830

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU90197

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26898

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU90217

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26754

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU90211

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26793

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU90598

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26747

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usb_role_switch_get(), fwnode_usb_role_switch_get(), EXPORT_SYMBOL_GPL(), usb_role_switch_find_by_fwnode() and usb_role_switch_register() functions in drivers/usb/roles/class.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Information disclosure

EUVDB-ID: #VU91363

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26901

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Information disclosure

EUVDB-ID: #VU91353

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52652

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c, within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU90517

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52650

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Unchecked Return Value

EUVDB-ID: #VU87902

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26651

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Memory leak

EUVDB-ID: #VU91650

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26816

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Input validation error

EUVDB-ID: #VU91609

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35845

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Race condition within a thread

EUVDB-ID: #VU91434

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26862

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Buffer overflow

EUVDB-ID: #VU91604

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26884

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Incorrect calculation

EUVDB-ID: #VU89392

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26752

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU90194

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26852

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use of obsolete function

EUVDB-ID: #VU93856

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52656

CWE-ID: CWE-477 - Use of Obsolete Function

Exploit availability: No

Description

The vulnerability allows a local user to have negative impact on system performance.

The vulnerability exists due to usage of dead code related to SCM_RIGHTS within the io_allocate_scq_urings(), io_ring_ctx_free(), and io_cqring_wait() function in fs/io_uring.c. A local user can influence system performance.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Improper locking

EUVDB-ID: #VU90784

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26790

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the FSL_QDMA_CMD_PF BIT() and fsl_qdma_comp_fill_memcpy() functions in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Infinite loop

EUVDB-ID: #VU89248

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26603

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in arch/x86/kernel/fpu/signal.c. A local user can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Memory leak

EUVDB-ID: #VU90450

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) NULL pointer dereference

EUVDB-ID: #VU90589

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26802

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the stmmac_fpe_stop_wq() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Buffer overflow

EUVDB-ID: #VU91310

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27045

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dp_dsc_clock_en_read() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Resource management error

EUVDB-ID: #VU93841

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27024

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the rds_sendmsg() function in net/rds/send.c, within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Memory leak

EUVDB-ID: #VU90455

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27073

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Race condition

EUVDB-ID: #VU89251

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26585

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Memory leak

EUVDB-ID: #VU90002

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26894

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the acpi_processor_power_exit() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Race condition

EUVDB-ID: #VU87596

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26583

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Information disclosure

EUVDB-ID: #VU93869

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27416

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error within the hci_io_capa_request_evt() function in net/bluetooth/hci_event.c when handling HCI_EV_IO_CAPA_REQUEST packets. A remote attacker on the local network can force the system to assume that the remote peer does support SSP and potentially gain access to sensitive information.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use of uninitialized resource

EUVDB-ID: #VU92003

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27431

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the cpu_map_bpf_prog_run_xdp() function in kernel/bpf/cpumap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Incorrect calculation

EUVDB-ID: #VU93756

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35844

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the reserve_compress_blocks(), f2fs_reserve_compress_blocks() and mnt_drop_write_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Resource management error

EUVDB-ID: #VU92970

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26838

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the irdma_destroy_irq() function in drivers/infiniband/hw/irdma/hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Resource management error

EUVDB-ID: #VU93870

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27410

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the nl80211_set_interface() function in net/wireless/nl80211.c. A local user can manipulate with the interface mesh ID and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Buffer overflow

EUVDB-ID: #VU91311

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26915

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the vega20_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega20_ih.c, within the vega10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega10_ih.c, within the tonga_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/tonga_ih.c, within the si_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/si_ih.c, within the navi10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/navi10_ih.c, within the iceland_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/iceland_ih.c, within the cz_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cz_ih.c, within the cik_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cik_ih.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Improper locking

EUVDB-ID: #VU92041

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26772

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) NULL pointer dereference

EUVDB-ID: #VU90580

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26897

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Resource management error

EUVDB-ID: #VU92989

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26798

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the fbcon_do_set_font() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper locking

EUVDB-ID: #VU91317

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27415

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nf_conntrack_init_end() function in net/netfilter/nf_conntrack_core.c, within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the IS_ENABLED() and br_nf_pre_routing() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU90576

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26855

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_bridge_setlink() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Memory leak

EUVDB-ID: #VU90004

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26833

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dm_sw_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Resource management error

EUVDB-ID: #VU93844

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26764

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Buffer overflow

EUVDB-ID: #VU93244

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26659

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Double free

EUVDB-ID: #VU90896

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26846

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the LIST_HEAD(), nvme_fc_free_lport(), nvme_fc_init_module(), device_destroy() and nvme_fc_delete_controllers() functions in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Use-after-free

EUVDB-ID: #VU90202

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26895

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wilc_netdev_cleanup() function in drivers/net/wireless/microchip/wilc1000/netdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Infinite loop

EUVDB-ID: #VU93068

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52644

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Infinite loop

EUVDB-ID: #VU93671

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26751

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the GPIO_LOOKUP_IDX() function in arch/arm/mach-ep93xx/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Resource management error

EUVDB-ID: #VU92988

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26880

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Use of uninitialized resource

EUVDB-ID: #VU90877

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26863

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper resource shutdown or release

EUVDB-ID: #VU93747

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26809

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Use-after-free

EUVDB-ID: #VU90180

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27052

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) NULL pointer dereference

EUVDB-ID: #VU91501

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27051

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcm_avs_is_firmware_loaded() function in drivers/cpufreq/brcmstb-avs-cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Improper locking

EUVDB-ID: #VU92037

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26907

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the set_eth_seg() function in drivers/infiniband/hw/mlx5/wr.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Buffer overflow

EUVDB-ID: #VU93470

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27413

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the efi_capsule_open() function in drivers/firmware/efi/capsule-loader.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Use-after-free

EUVDB-ID: #VU90209

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26801

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Improper access control

EUVDB-ID: #VU89268

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52620

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Use-after-free

EUVDB-ID: #VU90216

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26749

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cdns3_gadget_ep_disable() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Information disclosure

EUVDB-ID: #VU89239

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26787

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output within the sdmmc_idma_start() function in drivers/mmc/host/mmci_stm32_sdmmc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) NULL pointer dereference

EUVDB-ID: #VU90519

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27046

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Improper Initialization

EUVDB-ID: #VU91553

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26803

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the veth_enable_xdp(), veth_disable_xdp() and veth_xdp_set() functions in drivers/net/veth.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) NULL pointer dereference

EUVDB-ID: #VU90596

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26744

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) NULL pointer dereference

EUVDB-ID: #VU90572

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/clk/meson/axg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Resource management error

EUVDB-ID: #VU93194

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27412

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bq27xxx_battery_i2c_remove() function in drivers/power/supply/bq27xxx_battery_i2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Out-of-bounds read

EUVDB-ID: #VU91098

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26791

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the btrfs_check_replace_dev_names() and btrfs_dev_replace_by_ioctl() functions in fs/btrfs/dev-replace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper locking

EUVDB-ID: #VU93787

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26773

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Out-of-bounds read

EUVDB-ID: #VU90331

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52640

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ntfs_list_ea() function in fs/ntfs3/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Division by zero

EUVDB-ID: #VU91378

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26778

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the savagefb_check_var() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) NULL pointer dereference

EUVDB-ID: #VU90573

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26859

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU90521

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27044

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn10_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Resource management error

EUVDB-ID: #VU92972

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26788

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the fsl_qdma_probe() function in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Memory leak

EUVDB-ID: #VU90451

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27077

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Out-of-bounds read

EUVDB-ID: #VU90327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26750

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the unix_gc() function in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Race condition within a thread

EUVDB-ID: #VU91433

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26861

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the decrypt_packet(), counter_validate() and wg_packet_rx_poll() functions in drivers/net/wireguard/receive.c. A local user can manipulate data.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Buffer overflow

EUVDB-ID: #VU88283

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52434

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Division by zero

EUVDB-ID: #VU93751

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26774

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the mb_update_avg_fragment_size() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Out-of-bounds read

EUVDB-ID: #VU90329

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26795

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the arch/riscv/include/asm/pgtable.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Use-after-free

EUVDB-ID: #VU91063

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26856

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sparx5_del_mact_entry() function in drivers/net/ethernet/microchip/sparx5/sparx5_mactable.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Use-after-free

EUVDB-ID: #VU90178

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27043

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Infinite loop

EUVDB-ID: #VU93067

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27039

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the hisi_clk_register_pll() function in drivers/clk/hisilicon/clk-hi3559a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Division by zero

EUVDB-ID: #VU91377

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26777

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the sisfb_check_var() function in drivers/video/fbdev/sis/sis_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Race condition

EUVDB-ID: #VU91473

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27030

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Error handling

EUVDB-ID: #VU89001

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26584

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Use-after-free

EUVDB-ID: #VU90215

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26735

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Use of uninitialized resource

EUVDB-ID: #VU90879

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26805

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Off-by-one

EUVDB-ID: #VU89678

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26766

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an off-by-one error within the _pad_sdma_tx_descs() function in drivers/infiniband/hw/hfi1/sdma.c. A local user can trigger an off-by-one error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Resource management error

EUVDB-ID: #VU93859

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26763

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Resource management error

EUVDB-ID: #VU94105

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27065

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) NULL pointer dereference

EUVDB-ID: #VU90592

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52641

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ni_find_attr() and run_truncate_around() functions in fs/ntfs3/attrib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Information disclosure

EUVDB-ID: #VU91349

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27417

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the inet6_rtm_getaddr() function in net/ipv6/addrconf.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Resource exhaustion

EUVDB-ID: #VU93097

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52497

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.

The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Use-after-free

EUVDB-ID: #VU87740

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52447

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in bpf. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Improper locking

EUVDB-ID: #VU90787

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26769

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Buffer overflow

EUVDB-ID: #VU93404

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26843

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the riscv_enable_runtime_services() function in drivers/firmware/efi/riscv-runtime.c, within the arm_enable_runtime_services() function in drivers/firmware/efi/arm-runtime.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) NULL pointer dereference

EUVDB-ID: #VU90578

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26881

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hclge_ptp_get_rx_hwts() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) NULL pointer dereference

EUVDB-ID: #VU90603

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26688

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Improper locking

EUVDB-ID: #VU92042

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26743

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) NULL pointer dereference

EUVDB-ID: #VU91236

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27038

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Resource management error

EUVDB-ID: #VU94104

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27390

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way the synchronize_net() function is called within the ipv6_mc_down() function in net/ipv6/mcast.c, which can lead to long synchronization up to 5 minutes. A remote attacker can perform a denial of service (DoS) attack by initiating multiple connections.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Out-of-bounds write

EUVDB-ID: #VU93594

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27436

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Memory leak

EUVDB-ID: #VU90471

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26839

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the init_credit_return() function in drivers/infiniband/hw/hfi1/pio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Memory leak

EUVDB-ID: #VU90453

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Memory leak

EUVDB-ID: #VU90005

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26840

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Memory leak

EUVDB-ID: #VU89991

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ipu_csc_scaler_release() function in drivers/staging/media/imx/imx-media-csc-scaler.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Resource management error

EUVDB-ID: #VU93772

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26835

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Buffer overflow

EUVDB-ID: #VU89840

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26885

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the dev_map_init_map() function in kernel/bpf/devmap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) NULL pointer dereference

EUVDB-ID: #VU90601

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26776

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hisi_sfc_v3xx_isr() function in drivers/spi/spi-hisi-sfc-v3xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Improper locking

EUVDB-ID: #VU93388

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26845

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the transport_generic_handle_tmr() function in drivers/target/target_core_transport.c, within the transport_lookup_tmr_lun() and rcu_dereference_raw() functions in drivers/target/target_core_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Use-after-free

EUVDB-ID: #VU90193

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26875

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Memory leak

EUVDB-ID: #VU90447

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35828

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-gkeop to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-kvm (Ubuntu package): before 5.15.0.1060.56

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1046.45

linux-image-gkeop (Ubuntu package): before 5.15.0.1046.45

linux-image-5.15.0-1060-kvm (Ubuntu package): before 5.15.0-1060.65

linux-image-5.15.0-1046-gkeop (Ubuntu package): before 5.15.0-1046.53~20.04.1

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6821-2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###