Ubuntu update for linux-hwe-5.15
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 154 |
| CVE-ID | CVE-2023-6270 CVE-2023-7042 CVE-2024-0841 CVE-2024-21823 CVE-2024-22099 CVE-2024-26901 CVE-2024-35844 CVE-2024-27024 CVE-2024-26835 CVE-2024-26879 CVE-2024-26846 CVE-2024-35829 CVE-2024-26804 CVE-2024-26802 CVE-2024-27039 CVE-2024-27075 CVE-2024-27076 CVE-2024-26863 CVE-2024-27046 CVE-2024-26776 CVE-2024-26875 CVE-2024-26885 CVE-2024-26583 CVE-2024-26777 CVE-2024-26803 CVE-2024-27047 CVE-2024-26748 CVE-2024-27044 CVE-2024-27416 CVE-2024-26906 CVE-2024-27405 CVE-2024-26749 CVE-2024-27436 CVE-2024-26895 CVE-2023-52662 CVE-2024-26772 CVE-2023-52645 CVE-2024-26787 CVE-2024-26788 CVE-2023-52497 CVE-2024-26795 CVE-2024-26763 CVE-2024-27414 CVE-2024-26870 CVE-2024-27412 CVE-2024-27078 CVE-2024-27388 CVE-2024-26894 CVE-2023-52641 CVE-2024-27053 CVE-2024-26584 CVE-2024-26752 CVE-2024-35845 CVE-2024-26884 CVE-2024-26782 CVE-2024-26859 CVE-2024-26809 CVE-2024-27038 CVE-2024-26897 CVE-2024-26750 CVE-2023-52644 CVE-2024-26848 CVE-2024-26833 CVE-2024-26801 CVE-2024-26872 CVE-2023-52620 CVE-2023-52652 CVE-2024-26839 CVE-2024-26851 CVE-2024-26805 CVE-2024-26659 CVE-2024-26791 CVE-2023-52640 CVE-2024-26883 CVE-2024-26737 CVE-2024-27028 CVE-2024-26603 CVE-2024-27073 CVE-2024-26792 CVE-2024-35830 CVE-2024-26585 CVE-2024-27045 CVE-2024-26880 CVE-2024-27074 CVE-2023-52434 CVE-2024-26778 CVE-2024-26754 CVE-2024-27034 CVE-2024-35828 CVE-2024-26643 CVE-2024-26774 CVE-2024-26878 CVE-2024-26733 CVE-2024-27043 CVE-2023-52656 CVE-2024-26816 CVE-2024-26907 CVE-2024-26838 CVE-2024-26651 CVE-2024-26790 CVE-2024-26840 CVE-2024-26751 CVE-2024-27410 CVE-2023-52447 CVE-2024-27431 CVE-2024-26861 CVE-2024-27077 CVE-2024-26779 CVE-2024-27054 CVE-2024-26601 CVE-2024-26874 CVE-2024-26764 CVE-2023-52650 CVE-2024-26843 CVE-2024-26856 CVE-2024-26820 CVE-2024-26903 CVE-2024-27037 CVE-2024-26798 CVE-2024-27415 CVE-2024-27419 CVE-2024-26736 CVE-2024-27403 CVE-2024-27432 CVE-2024-26735 CVE-2024-26793 CVE-2024-26881 CVE-2024-26889 CVE-2024-27052 CVE-2024-26766 CVE-2024-26882 CVE-2024-27417 CVE-2024-26688 CVE-2024-26747 CVE-2024-26877 CVE-2024-26744 CVE-2024-27051 CVE-2024-26743 CVE-2024-26857 CVE-2024-26855 CVE-2024-26852 CVE-2024-26771 CVE-2024-26891 CVE-2024-27030 CVE-2024-26769 CVE-2024-27413 CVE-2024-26898 CVE-2024-26915 CVE-2024-26845 CVE-2024-27065 CVE-2024-26924 CVE-2024-26862 CVE-2024-27390 CVE-2024-26773 |
| CWE-ID | CWE-416 CWE-476 CWE-502 CWE-200 CWE-682 CWE-399 CWE-415 CWE-401 CWE-835 CWE-121 CWE-908 CWE-119 CWE-362 CWE-369 CWE-665 CWE-388 CWE-787 CWE-667 CWE-400 CWE-125 CWE-20 CWE-404 CWE-284 CWE-477 CWE-252 CWE-366 CWE-191 CWE-193 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-virtual-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04d (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04c (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04b (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-113-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-113-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-113-generic (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 154 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU85422
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7042
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU89389
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0841
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Deserialization of Untrusted Data
EUVDB-ID: #VU89676
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21823
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure deserialization in hardware logic. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU87192
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22099
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Information disclosure
EUVDB-ID: #VU91363
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26901
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Incorrect calculation
EUVDB-ID: #VU93756
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35844
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the reserve_compress_blocks(), f2fs_reserve_compress_blocks() and mnt_drop_write_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU93841
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27024
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the rds_sendmsg() function in net/rds/send.c, within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU93772
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26835
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU90572
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/clk/meson/axg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Double free
EUVDB-ID: #VU90896
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26846
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the LIST_HEAD(), nvme_fc_free_lport(), nvme_fc_init_module(), device_destroy() and nvme_fc_delete_controllers() functions in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU90446
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35829
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lima_heap_alloc() function in drivers/gpu/drm/lima/lima_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU90212
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26804
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU90589
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26802
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stmmac_fpe_stop_wq() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Infinite loop
EUVDB-ID: #VU93067
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27039
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the hisi_clk_register_pll() function in drivers/clk/hisilicon/clk-hi3559a.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Stack-based buffer overflow
EUVDB-ID: #VU91298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27075
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU89991
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ipu_csc_scaler_release() function in drivers/staging/media/imx/imx-media-csc-scaler.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use of uninitialized resource
EUVDB-ID: #VU90877
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26863
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) NULL pointer dereference
EUVDB-ID: #VU90519
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27046
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU90601
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26776
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hisi_sfc_v3xx_isr() function in drivers/spi/spi-hisi-sfc-v3xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU90193
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26875
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Buffer overflow
EUVDB-ID: #VU89840
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26885
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the dev_map_init_map() function in kernel/bpf/devmap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Race condition
EUVDB-ID: #VU87596
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26583
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Division by zero
EUVDB-ID: #VU91377
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26777
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sisfb_check_var() function in drivers/video/fbdev/sis/sis_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper Initialization
EUVDB-ID: #VU91553
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26803
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the veth_enable_xdp(), veth_disable_xdp() and veth_xdp_set() functions in drivers/net/veth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU90520
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27047
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_get_internal_delay() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU90213
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26748
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cdns3_gadget_giveback() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU90521
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27044
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn10_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Information disclosure
EUVDB-ID: #VU93869
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27416
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error within the hci_io_capa_request_evt() function in net/bluetooth/hci_event.c when handling HCI_EV_IO_CAPA_REQUEST packets. A remote attacker on the local network can force the system to assume that the remote peer
does support SSP and potentially gain access to sensitive information.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper error handling
EUVDB-ID: #VU92944
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26906
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the copy_from_kernel_nofault_allowed() function in arch/x86/mm/maccess.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Buffer overflow
EUVDB-ID: #VU93154
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27405
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU90216
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26749
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cdns3_gadget_ep_disable() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds write
EUVDB-ID: #VU93594
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27436
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU90202
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26895
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_netdev_cleanup() function in drivers/net/wireless/microchip/wilc1000/netdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Memory leak
EUVDB-ID: #VU90444
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52662
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper locking
EUVDB-ID: #VU92041
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26772
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Race condition
EUVDB-ID: #VU91477
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52645
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the scpsys_add_subdomain() and scpsys_remove_one_domain() functions in drivers/soc/mediatek/mtk-pm-domains.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Information disclosure
EUVDB-ID: #VU89239
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26787
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output within the sdmmc_idma_start() function in drivers/mmc/host/mmci_stm32_sdmmc.c. A local user can gain access to sensitive information.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Resource management error
EUVDB-ID: #VU92972
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26788
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fsl_qdma_probe() function in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Resource exhaustion
EUVDB-ID: #VU93097
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52497
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU90329
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26795
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the arch/riscv/include/asm/pgtable.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Resource management error
EUVDB-ID: #VU93859
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26763
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Buffer overflow
EUVDB-ID: #VU92951
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27414
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rtnl_bridge_setlink() function in net/core/rtnetlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Buffer overflow
EUVDB-ID: #VU92006
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26870
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfs4_listxattr() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Resource management error
EUVDB-ID: #VU93194
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27412
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bq27xxx_battery_i2c_remove() function in drivers/power/supply/bq27xxx_battery_i2c.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Memory leak
EUVDB-ID: #VU90450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Memory leak
EUVDB-ID: #VU90449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27388
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Memory leak
EUVDB-ID: #VU90002
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26894
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_processor_power_exit() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) NULL pointer dereference
EUVDB-ID: #VU90592
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52641
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ni_find_attr() and run_truncate_around() functions in fs/ntfs3/attrib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper locking
EUVDB-ID: #VU92029
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27053
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wilc_parse_join_bss_param() function in drivers/staging/wilc1000/wilc_hif.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Error handling
EUVDB-ID: #VU89001
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Incorrect calculation
EUVDB-ID: #VU89392
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26752
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Input validation error
EUVDB-ID: #VU91609
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35845
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Buffer overflow
EUVDB-ID: #VU91604
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Double free
EUVDB-ID: #VU90927
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26782
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) NULL pointer dereference
EUVDB-ID: #VU90573
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26859
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Improper resource shutdown or release
EUVDB-ID: #VU93747
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26809
CWE-ID:
CWE-404 - Improper Resource Shutdown or Release
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) NULL pointer dereference
EUVDB-ID: #VU91236
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27038
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) NULL pointer dereference
EUVDB-ID: #VU90580
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26897
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Out-of-bounds read
EUVDB-ID: #VU90327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26750
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the unix_gc() function in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Infinite loop
EUVDB-ID: #VU93068
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52644
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Improper locking
EUVDB-ID: #VU91526
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26848
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the afs_dir_iterate_block() function in fs/afs/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Memory leak
EUVDB-ID: #VU90004
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26833
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dm_sw_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use-after-free
EUVDB-ID: #VU90209
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26801
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU90199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Improper access control
EUVDB-ID: #VU89268
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52620
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Information disclosure
EUVDB-ID: #VU91353
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52652
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c, within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Memory leak
EUVDB-ID: #VU90471
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the init_credit_return() function in drivers/infiniband/hw/hfi1/pio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Out-of-bounds read
EUVDB-ID: #VU91096
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Use of uninitialized resource
EUVDB-ID: #VU90879
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26805
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Buffer overflow
EUVDB-ID: #VU93244
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26659
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Out-of-bounds read
EUVDB-ID: #VU91098
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26791
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the btrfs_check_replace_dev_names() and btrfs_dev_replace_by_ioctl() functions in fs/btrfs/dev-replace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Out-of-bounds read
EUVDB-ID: #VU90331
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52640
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ntfs_list_ea() function in fs/ntfs3/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Buffer overflow
EUVDB-ID: #VU91602
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26883
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Race condition
EUVDB-ID: #VU88938
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26737
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition between the bpf_timer_cancel_and_free and bpf_timer_cancel calls in kernel/bpf/helpers.c. A local user can exploit the race and escalate privileges on the system.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU90555
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27028
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Infinite loop
EUVDB-ID: #VU89248
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26603
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in arch/x86/kernel/fpu/signal.c. A local user can consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Memory leak
EUVDB-ID: #VU90455
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27073
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Double free
EUVDB-ID: #VU90897
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26792
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the create_pending_snapshot() function in fs/btrfs/transaction.c, within the create_subvol() function in fs/btrfs/ioctl.c, within the btrfs_free_fs_info(), btrfs_init_fs_root(), btrfs_put_root() and btrfs_get_fs_root() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Resource management error
EUVDB-ID: #VU93591
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35830
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Race condition
EUVDB-ID: #VU89251
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26585
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Buffer overflow
EUVDB-ID: #VU91310
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27045
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dp_dsc_clock_en_read() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Resource management error
EUVDB-ID: #VU92988
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Memory leak
EUVDB-ID: #VU90453
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Buffer overflow
EUVDB-ID: #VU88283
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52434
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Division by zero
EUVDB-ID: #VU91378
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26778
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_check_var() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Use-after-free
EUVDB-ID: #VU90217
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Improper locking
EUVDB-ID: #VU93785
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27034
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_write_single_data_page() function in fs/f2fs/data.c, within the f2fs_compress_write_end_io(), f2fs_write_raw_pages() and unlock_page() functions in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Memory leak
EUVDB-ID: #VU90447
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35828
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Race condition
EUVDB-ID: #VU88135
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26643
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nf_tables_unbind_set() function in net/netfilter/nf_tables_api.c. A local user can exploit the race and escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Division by zero
EUVDB-ID: #VU93751
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26774
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the mb_update_avg_fragment_size() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) NULL pointer dereference
EUVDB-ID: #VU90574
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use-after-free
EUVDB-ID: #VU90178
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Use of obsolete function
EUVDB-ID: #VU93856
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52656
CWE-ID:
CWE-477 - Use of Obsolete Function
Exploit availability: No
DescriptionThe vulnerability allows a local user to have negative impact on system performance.
The vulnerability exists due to usage of dead code related to SCM_RIGHTS within the io_allocate_scq_urings(), io_ring_ctx_free(), and io_cqring_wait() function in fs/io_uring.c. A local user can influence system performance.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Memory leak
EUVDB-ID: #VU91650
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26816
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Improper locking
EUVDB-ID: #VU92037
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26907
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the set_eth_seg() function in drivers/infiniband/hw/mlx5/wr.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Resource management error
EUVDB-ID: #VU92970
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26838
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the irdma_destroy_irq() function in drivers/infiniband/hw/irdma/hw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Unchecked Return Value
EUVDB-ID: #VU87902
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26651
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Improper locking
EUVDB-ID: #VU90784
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26790
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the FSL_QDMA_CMD_PF BIT() and fsl_qdma_comp_fill_memcpy() functions in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Memory leak
EUVDB-ID: #VU90005
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26840
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Infinite loop
EUVDB-ID: #VU93671
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26751
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the GPIO_LOOKUP_IDX() function in arch/arm/mach-ep93xx/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Resource management error
EUVDB-ID: #VU93870
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27410
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nl80211_set_interface() function in net/wireless/nl80211.c. A local user can manipulate with the interface mesh ID and perform a denial of service (DoS) attack.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Use-after-free
EUVDB-ID: #VU87740
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52447
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in
bpf. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Use of uninitialized resource
EUVDB-ID: #VU92003
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27431
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the cpu_map_bpf_prog_run_xdp() function in kernel/bpf/cpumap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Race condition within a thread
EUVDB-ID: #VU91433
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26861
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the decrypt_packet(), counter_validate() and wg_packet_rx_poll() functions in drivers/net/wireguard/receive.c. A local user can manipulate data.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Memory leak
EUVDB-ID: #VU90451
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27077
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Race condition
EUVDB-ID: #VU91480
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26779
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the ieee80211_check_fast_xmit() function in net/mac80211/tx.c, within the sta_info_insert_finish() function in net/mac80211/sta_info.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Incorrect calculation
EUVDB-ID: #VU93759
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27054
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Improper locking
EUVDB-ID: #VU93770
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26601
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_generate_buddy() and mb_free_blocks() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) NULL pointer dereference
EUVDB-ID: #VU90575
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26874
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_finish_page_flip() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Resource management error
EUVDB-ID: #VU93844
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26764
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) NULL pointer dereference
EUVDB-ID: #VU90517
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52650
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Buffer overflow
EUVDB-ID: #VU93404
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26843
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the riscv_enable_runtime_services() function in drivers/firmware/efi/riscv-runtime.c, within the arm_enable_runtime_services() function in drivers/firmware/efi/arm-runtime.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Use-after-free
EUVDB-ID: #VU91063
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26856
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sparx5_del_mact_entry() function in drivers/net/ethernet/microchip/sparx5/sparx5_mactable.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Resource management error
EUVDB-ID: #VU93775
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26820
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU92070
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26903
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) NULL pointer dereference
EUVDB-ID: #VU90523
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27037
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SLCR_SWDT_CLK_SEL() and zynq_clk_setup() functions in drivers/clk/zynq/clkc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Resource management error
EUVDB-ID: #VU92989
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26798
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fbcon_do_set_font() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Improper locking
EUVDB-ID: #VU91317
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27415
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_conntrack_init_end() function in net/netfilter/nf_conntrack_core.c, within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the IS_ENABLED() and br_nf_pre_routing() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Race condition within a thread
EUVDB-ID: #VU91429
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27419
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Buffer overflow
EUVDB-ID: #VU92007
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26736
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the afs_update_volume_status() function in fs/afs/volume.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Integer underflow
EUVDB-ID: #VU91669
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27403
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the flow_offload_dst_cookie() and nft_flow_dst_release() functions in net/netfilter/nf_flow_table_core.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Resource management error
EUVDB-ID: #VU93774
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27432
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mtk_ppe_start() and mtk_ppe_stop() functions in drivers/net/ethernet/mediatek/mtk_ppe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Use-after-free
EUVDB-ID: #VU90215
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Use-after-free
EUVDB-ID: #VU90211
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26793
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) NULL pointer dereference
EUVDB-ID: #VU90578
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26881
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hclge_ptp_get_rx_hwts() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Buffer overflow
EUVDB-ID: #VU91312
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26889
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Use-after-free
EUVDB-ID: #VU90180
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27052
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Off-by-one
EUVDB-ID: #VU89678
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26766
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an off-by-one error within the _pad_sdma_tx_descs() function in drivers/infiniband/hw/hfi1/sdma.c. A local user can trigger an off-by-one error and execute arbitrary code with elevated privileges.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Use of uninitialized resource
EUVDB-ID: #VU90878
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26882
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to use of uninitialized resource within the ip_tunnel_rcv() function in net/ipv4/ip_tunnel.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Information disclosure
EUVDB-ID: #VU91349
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27417
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the inet6_rtm_getaddr() function in net/ipv6/addrconf.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) NULL pointer dereference
EUVDB-ID: #VU90603
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) NULL pointer dereference
EUVDB-ID: #VU90598
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26747
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usb_role_switch_get(), fwnode_usb_role_switch_get(), EXPORT_SYMBOL_GPL(), usb_role_switch_find_by_fwnode() and usb_role_switch_register() functions in drivers/usb/roles/class.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Resource management error
EUVDB-ID: #VU93200
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26877
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) NULL pointer dereference
EUVDB-ID: #VU90596
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26744
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) NULL pointer dereference
EUVDB-ID: #VU91501
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27051
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcm_avs_is_firmware_loaded() function in drivers/cpufreq/brcmstb-avs-cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Improper locking
EUVDB-ID: #VU92042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26743
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Use of uninitialized resource
EUVDB-ID: #VU90876
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26857
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the geneve_rx() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) NULL pointer dereference
EUVDB-ID: #VU90576
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26855
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_bridge_setlink() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Use-after-free
EUVDB-ID: #VU90194
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) NULL pointer dereference
EUVDB-ID: #VU90602
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26771
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the edma_probe() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Improper locking
EUVDB-ID: #VU91524
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26891
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devtlb_invalidation_with_pasid() function in drivers/iommu/intel/pasid.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Race condition
EUVDB-ID: #VU91473
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27030
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Improper locking
EUVDB-ID: #VU90787
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26769
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Buffer overflow
EUVDB-ID: #VU93470
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27413
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the efi_capsule_open() function in drivers/firmware/efi/capsule-loader.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Use-after-free
EUVDB-ID: #VU90197
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Buffer overflow
EUVDB-ID: #VU91311
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26915
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vega20_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega20_ih.c, within the vega10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega10_ih.c, within the tonga_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/tonga_ih.c, within the si_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/si_ih.c, within the navi10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/navi10_ih.c, within the iceland_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/iceland_ih.c, within the cz_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cz_ih.c, within the cik_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cik_ih.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Improper locking
EUVDB-ID: #VU93388
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26845
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the transport_generic_handle_tmr() function in drivers/target/target_core_transport.c, within the transport_lookup_tmr_lun() and rcu_dereference_raw() functions in drivers/target/target_core_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Resource management error
EUVDB-ID: #VU94105
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27065
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Resource management error
EUVDB-ID: #VU89055
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26924
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nft_pipapo_remove() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Race condition within a thread
EUVDB-ID: #VU91434
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26862
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Resource management error
EUVDB-ID: #VU94104
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27390
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way the synchronize_net() function is called within the ipv6_mc_down() function in net/ipv6/mcast.c, which can lead to long synchronization up to 5 minutes. A remote attacker can perform a denial of service (DoS) attack by initiating multiple connections.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Improper locking
EUVDB-ID: #VU93787
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26773
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.113.123~20.04.1
linux-image-5.15.0-113-generic-lpae (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic-64k (Ubuntu package): before 5.15.0-113.123~20.04.1
linux-image-5.15.0-113-generic (Ubuntu package): before 5.15.0-113.123~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6871-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
