Ubuntu update for linux



Published: 2024-07-11
Risk: Medium
Patch available: YES
Number of vulnerabilities: 179
CVE-ID:
CVE-2024-24857
CVE-2024-24858
CVE-2024-24859
CVE-2024-35967
CVE-2024-35886
CVE-2024-26999
CVE-2024-27008
CVE-2024-26988
CVE-2024-35980
CVE-2024-26982
CVE-2024-35946
CVE-2024-35918
CVE-2024-27015
CVE-2024-35900
CVE-2024-35942
CVE-2024-35879
CVE-2024-35961
CVE-2024-35944
CVE-2024-35934
CVE-2024-35978
CVE-2024-35938
CVE-2024-27003
CVE-2024-35976
CVE-2024-36019
CVE-2024-35880
CVE-2024-35866
CVE-2024-35929
CVE-2024-35917
CVE-2024-35912
CVE-2024-35896
CVE-2024-26986
CVE-2024-35951
CVE-2024-35958
CVE-2024-26997
CVE-2024-35965
CVE-2024-35953
CVE-2024-26993
CVE-2024-26991
CVE-2024-35892
CVE-2024-36026
CVE-2024-35882
CVE-2024-35964
CVE-2024-35865
CVE-2024-35897
CVE-2024-26981
CVE-2024-35872
CVE-2024-36027
CVE-2024-26983
CVE-2024-35909
CVE-2024-35985
CVE-2024-35875
CVE-2024-35890
CVE-2024-26922
CVE-2024-26994
CVE-2024-35903
CVE-2024-35936
CVE-2024-35904
CVE-2024-27013
CVE-2024-36025
CVE-2024-26980
CVE-2024-27006
CVE-2024-35861
CVE-2024-35864
CVE-2024-27018
CVE-2024-36022
CVE-2024-26990
CVE-2024-35968
CVE-2024-35860
CVE-2024-36024
CVE-2024-35933
CVE-2024-27019
CVE-2024-35925
CVE-2024-35950
CVE-2024-35915
CVE-2024-35916
CVE-2024-35956
CVE-2024-36020
CVE-2024-35873
CVE-2024-27002
CVE-2024-35963
CVE-2024-35959
CVE-2024-35937
CVE-2024-27011
CVE-2024-27020
CVE-2024-35883
CVE-2024-35913
CVE-2024-35910
CVE-2024-27021
CVE-2024-35921
CVE-2024-35905
CVE-2024-27010
CVE-2024-35981
CVE-2024-35885
CVE-2024-35955
CVE-2024-35894
CVE-2024-35969
CVE-2024-36018
CVE-2024-35867
CVE-2024-27007
CVE-2024-35908
CVE-2024-26985
CVE-2024-27016
CVE-2024-35960
CVE-2024-35935
CVE-2024-35932
CVE-2024-35957
CVE-2024-27001
CVE-2024-35871
CVE-2024-35907
CVE-2024-35878
CVE-2024-35979
CVE-2024-35972
CVE-2024-35975
CVE-2024-35877
CVE-2024-35926
CVE-2024-26817
CVE-2024-35899
CVE-2024-27004
CVE-2024-35920
CVE-2024-35924
CVE-2024-35977
CVE-2024-35930
CVE-2024-35911
CVE-2024-26996
CVE-2024-27005
CVE-2024-35870
CVE-2024-35982
CVE-2024-35895
CVE-2024-35943
CVE-2024-35902
CVE-2024-35919
CVE-2024-35973
CVE-2024-35931
CVE-2024-35888
CVE-2024-35914
CVE-2024-35970
CVE-2024-36023
CVE-2024-27012
CVE-2024-35939
CVE-2024-26984
CVE-2024-35884
CVE-2024-35901
CVE-2024-26811
CVE-2024-35966
CVE-2024-35891
CVE-2024-35887
CVE-2024-35945
CVE-2024-35971
CVE-2024-35862
CVE-2024-26987
CVE-2024-26921
CVE-2024-26989
CVE-2024-35952
CVE-2024-27009
CVE-2024-35893
CVE-2024-26995
CVE-2024-26925
CVE-2024-35868
CVE-2024-35954
CVE-2024-35922
CVE-2024-27000
CVE-2024-36021
CVE-2024-27014
CVE-2024-35940
CVE-2024-26992
CVE-2024-26926
CVE-2024-35927
CVE-2024-35863
CVE-2024-27022
CVE-2024-26998
CVE-2024-27017
CVE-2024-26928
CVE-2024-35889
CVE-2024-35898
CVE-2024-35869
CVE-2024-26936
CVE-2024-26923
CVE-2023-52699
CVE-2024-35974
CWE-ID: CWE-362, CWE-125, CWE-835, CWE-667, CWE-119, CWE-191, CWE-20, CWE-476, CWE-682, CWE-399, CWE-401, CWE-416, CWE-404, CWE-200, CWE-388, CWE-193, CWE-366, CWE-369, CWE-908, CWE-665, CWE-264, CWE-190, CWE-823
Exploitation vector: Network
Public exploit: N/A
Vulnerable software

Ubuntu (operating system)

Operating system packages or components:

linux-image-virtual-hwe-24.04 (Ubuntu package)
linux-image-virtual (Ubuntu package)
linux-image-raspi (Ubuntu package)
linux-image-oem-24.04a (Ubuntu package)
linux-image-oem-24.04 (Ubuntu package)
linux-image-lowlatency-64k (Ubuntu package)
linux-image-lowlatency (Ubuntu package)
linux-image-kvm (Ubuntu package)
linux-image-ibm-lts-24.04 (Ubuntu package)
linux-image-ibm-classic (Ubuntu package)
linux-image-ibm (Ubuntu package)
linux-image-generic-lpae (Ubuntu package)
linux-image-generic-hwe-24.04 (Ubuntu package)
linux-image-generic-64k-hwe-24.04 (Ubuntu package)
linux-image-generic-64k (Ubuntu package)
linux-image-generic (Ubuntu package)
linux-image-gcp (Ubuntu package)
linux-image-azure-fde (Ubuntu package)
linux-image-azure (Ubuntu package)
linux-image-6.8.0-38-lowlatency-64k (Ubuntu package)
linux-image-6.8.0-38-lowlatency (Ubuntu package)
linux-image-6.8.0-38-generic-64k (Ubuntu package)
linux-image-6.8.0-38-generic (Ubuntu package)
linux-image-6.8.0-1010-gcp (Ubuntu package)
linux-image-6.8.0-1010-azure-fde (Ubuntu package)
linux-image-6.8.0-1010-azure (Ubuntu package)
linux-image-6.8.0-1008-oem (Ubuntu package)
linux-image-6.8.0-1008-ibm (Ubuntu package)
linux-image-6.8.0-1007-raspi (Ubuntu package)
linux-image-6.8.0-1007-intel (Ubuntu package)
linux-image-intel (Ubuntu package)

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 179 vulnerabilities.

1) Race condition

EUVDB-ID: #VU92719

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24857

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to damage or delete data.

A race condition was found in the Linux kernel's net/bluetooth device driver in the conn_info_{min,max}_age_set() function. This can result in an integrity overflow issue, possibly leading to Bluetooth connection abnormality or denial of service.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU92720

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24858

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A race condition was found in the Linux kernel's net/bluetooth in the {conn,adv}_{min,max}_interval_set() function. This can result in an L2CAP connection or broadcast abnormality issue, possibly leading to denial of service.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU92721

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24859

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A race condition was found in the Linux kernel's net/bluetooth in the sniff_{min,max}_interval_set() function. This can result in a Bluetooth sniffing exception issue, possibly leading to denial of service.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU90303

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35967

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sco_sock_setsockopt() function in net/bluetooth/sco.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Infinite loop

EUVDB-ID: #VU91413

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35886

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper locking

EUVDB-ID: #VU91449

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26999

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmz_receive_chars() function in drivers/tty/serial/pmac_zilog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU91095

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27008

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU93305

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26988

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the setup_command_line() function in init/main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer underflow

EUVDB-ID: #VU91667

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35980

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within arch/arm64/include/asm/tlbflush.h. A local user can execute arbitrary code.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU90857

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26982

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_new_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU90545

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35946

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rtw89_ops_bss_info_changed() and rtw89_ops_remain_on_channel() functions in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU94126

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35918

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within include/linux/randomize_kstack.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU94132

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_flow_tuple_encap() function in net/netfilter/nf_flow_table_ip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Incorrect calculation

EUVDB-ID: #VU93613

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35900

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU93840

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35942

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within drivers/pmdomain/imx/imx8mp-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU89979

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35879

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the pr_fmt() and of_changeset_destroy() functions in drivers/of/dynamic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU92019

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35961

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5_sf_dev_remove() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, and within the mlx5_init_one_devl_locked(), mlx5_init_one(), mlx5_uninit_one(), mlx5_init_one_light(), mlx5_uninit_one_light(), probe_one() and remove_one() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Resource management error

EUVDB-ID: #VU93839

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35944

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the dg_dispatch_as_host() function in drivers/misc/vmw_vmci/vmci_datagram.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper locking

EUVDB-ID: #VU92020

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35934

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smc_pnet_create_pnetids_list() function in net/smc/smc_pnet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Memory leak

EUVDB-ID: #VU89973

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35978

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU93240

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35938

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ARRAY_SIZE() function in drivers/net/wireless/ath/ath11k/mhi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU90771

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27003

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the clk_summary_show_subtree(), clk_summary_show() and clk_dump_show() functions in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU90305

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35976

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU90274

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36019

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the regcache_maple_drop() function in drivers/base/regmap/regcache-maple.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU92022

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35880

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __io_remove_buffers() and io_unregister_pbuf_ring() functions in io_uring/kbuf.c, and within the io_uring_validate_mmap_request() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU90153

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35866

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_dump_full_key() function in fs/smb/client/ioctl.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Memory leak

EUVDB-ID: #VU90443

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35929

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in kernel/rcu/tree_nocb.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU90546

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35917

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the bpf_skip(), asm(), bpf_jit_epilogue(), bpf_int_jit_compile(), bpf_jit_supports_far_kfunc_call() and bpf_arch_text_poke() functions in arch/s390/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Memory leak

EUVDB-ID: #VU91640

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35912

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the iwl_rfi_get_freq_table() function in drivers/net/wireless/intel/iwlwifi/mvm/rfi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU90309

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35896

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, net/ipv4/netfilter/ip_tables.c and net/ipv4/netfilter/arp_tables.c, and within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Memory leak

EUVDB-ID: #VU89994

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26986

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the kfd_create_process() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper resource shutdown or release

EUVDB-ID: #VU93746

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35951

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to failure to properly release resources within the panfrost_mmu_map_fault_addr() and sg_free_table() functions in drivers/gpu/drm/panfrost/panfrost_mmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Resource management error

EUVDB-ID: #VU93255

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Input validation error

EUVDB-ID: #VU93871

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26997

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the dwc2_cmpl_host_isoc_dma_desc() function in drivers/usb/dwc2/hcd_ddma.c, in the DDMA completion flow. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Input validation error

EUVDB-ID: #VU93797

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35965

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the l2cap_sock_setsockopt_old() and l2cap_sock_setsockopt() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper locking

EUVDB-ID: #VU90747

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35953

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ivpu_dev_init() function in drivers/accel/ivpu/ivpu_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Information disclosure

EUVDB-ID: #VU91355

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26993

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU90319

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26991

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kvm_arch_post_set_memory_attributes() function in arch/x86/kvm/mmu/mmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU91446

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35892

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Resource management error

EUVDB-ID: #VU93773

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36026

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the smu_v13_0_4_system_features_control() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Memory leak

EUVDB-ID: #VU89978

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35882

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the svc_tcp_sendmsg() function in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Input validation error

EUVDB-ID: #VU93796

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35964

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iso_sock_setsockopt() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU90148

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35865

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_valid_oplock_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Resource management error

EUVDB-ID: #VU93269

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35897

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nf_tables_table_disable() and nf_tables_updtable() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

EUVDB-ID: #VU90318

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26981

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_type_by_mode[] array in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Resource management error

EUVDB-ID: #VU93256

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35872

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within include/linux/secretmem.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU93135

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36027

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the btrfs_clear_buffer_dirty() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU90188

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26983

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xbc_alloc_mem(), xbc_parse_tree() and xbc_init() functions in lib/bootconfig.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Buffer overflow

EUVDB-ID: #VU93308

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35909

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the t7xx_pcie_mac_atr_tables_dis() and t7xx_pcie_mac_atr_cfg() functions in drivers/net/wwan/t7xx/t7xx_pcie_mac.c, within the t7xx_cldma_gpd_rx_from_q() and t7xx_cldma_txq_empty_hndl() functions in drivers/net/wwan/t7xx/t7xx_hif_cldma.c, and within the t7xx_cldma_tx_addr_is_set() and t7xx_cldma_hw_set_start_addr() functions in drivers/net/wwan/t7xx/t7xx_cldma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds read

EUVDB-ID: #VU91092

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35985

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the avg_vruntime() and reweight_eevdf() functions in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Input validation error

EUVDB-ID: #VU93678

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35875

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the setup_arch() function in arch/x86/kernel/setup.c and within the cc_mkdec() function in arch/x86/coco/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper error handling

EUVDB-ID: #VU93651

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35890

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the skb_gro_receive_list() and skb_gro_receive() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU89054

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26922

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the amdgpu_vm_bo_insert_map(), amdgpu_vm_bo_map(), amdgpu_vm_bo_replace_map(), and amdgpu_vm_bo_clear_mappings() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Buffer overflow

EUVDB-ID: #VU93243

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26994

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the get_word() function in drivers/accessibility/speakup/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Input validation error

EUVDB-ID: #VU93677

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35903

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the emit_call() function in arch/x86/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper error handling

EUVDB-ID: #VU90942

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35936

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) NULL pointer dereference

EUVDB-ID: #VU93461

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35904

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the init_sel_fs() function in security/selinux/selinuxfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper locking

EUVDB-ID: #VU91521

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27013

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Off-by-one

EUVDB-ID: #VU91172

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36025

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the qla_edif_app_getstats() function in drivers/scsi/qla2xxx/qla_edif.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Out-of-bounds read

EUVDB-ID: #VU90320

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26980

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __handle_ksmbd_work() function in fs/smb/server/server.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Input validation error

EUVDB-ID: #VU93685

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27006

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the thermal_debug_tz_trip_up() function in drivers/thermal/thermal_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU90150

Risk: Medium

CVSSv3.1: 5 [AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35861

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_signal_cifsd_for_reconnect() function in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use-after-free

EUVDB-ID: #VU90149

Risk: Medium

CVSSv3.1: 5 [AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35864

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Resource management error

EUVDB-ID: #VU93196

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27018

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a resource management error within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, the br_nf_local_in() function in net/bridge/br_netfilter_hooks.c, and the br_netif_receive_skb(), br_pass_frame_up(), br_handle_frame_finish() and br_handle_frame() functions in net/bridge/br_input.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper locking

EUVDB-ID: #VU93437

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36022

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the amdgpu_drv_delayed_reset_work_handler() function in drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c and the amdgpu_amdkfd_drm_client_create() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Incorrect calculation

EUVDB-ID: #VU93760

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26990

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the kvm_tdp_mmu_try_split_huge_pages(), kvm_tdp_mmu_clear_dirty_slot() and clear_dirty_pt_masked() functions in arch/x86/kvm/mmu/tdp_mmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper locking

EUVDB-ID: #VU90748

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35968

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pdsc_init_pf() function in drivers/net/ethernet/amd/pds_core/main.c, the pdsc_devcmd_reset() function in drivers/net/ethernet/amd/pds_core/dev.c, and the pdsc_teardown() and pdsc_check_pci_health() functions in drivers/net/ethernet/amd/pds_core/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Incorrect calculation

EUVDB-ID: #VU93755

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35860

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the bpf_kprobe_multi_link_fill_link_info() and bpf_uprobe_multi_link_dealloc() functions in kernel/trace/bpf_trace.c, and the bpf_link_inc() and bpf_raw_tp_link_fill_link_info() functions in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Race condition

EUVDB-ID: #VU91464

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36024

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the dc_wake_and_execute_dmub_cmd_list() and dc_wake_and_execute_gpint() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) NULL pointer dereference

EUVDB-ID: #VU90507

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35933

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the btintel_read_version() function in drivers/bluetooth/btintel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Race condition within a thread

EUVDB-ID: #VU91431

Risk: Low

CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27019

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Division by zero

EUVDB-ID: #VU91373

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35925

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU92212

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Use of uninitialized resource

EUVDB-ID: #VU90874

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35915

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) NULL pointer dereference

EUVDB-ID: #VU90512

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35916

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the sanitycheck() function in drivers/dma-buf/st-dma-fence-chain.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Information disclosure

EUVDB-ID: #VU91343

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35956

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the btrfs_subvolume_reserve_metadata() function in fs/btrfs/root-tree.c, the create_subvol() and create_snapshot() functions in fs/btrfs/ioctl.c, and the btrfs_delete_subvolume() and btrfs_end_transaction() functions in fs/btrfs/inode.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use of uninitialized resource

EUVDB-ID: #VU91675

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36020

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the i40e_reset_all_vfs() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Resource management error

EUVDB-ID: #VU93268

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35873

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the __restore_v_state() function in arch/riscv/kernel/signal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper locking

EUVDB-ID: #VU90772

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27002

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mtk_clk_simple_probe() and mtk_free_clk_data() functions in drivers/clk/mediatek/clk-mtk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Input validation error

EUVDB-ID: #VU93795

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_sock_setsockopt_old() and hci_sock_setsockopt() functions in net/bluetooth/hci_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Improper locking

EUVDB-ID: #VU92018

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35959

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_priv_cleanup() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c and the mlx5e_selq_init() and mlx5e_selq_cleanup() functions in drivers/net/ethernet/mellanox/mlx5/core/en/selq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Out-of-bounds read

EUVDB-ID: #VU91093

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35937

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Memory leak

EUVDB-ID: #VU90463

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27011

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nft_data_hold() and __nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Race condition within a thread

EUVDB-ID: #VU91432

Risk: Low

CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27020

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Memory leak

EUVDB-ID: #VU89977

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35883

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the pci1xxxx_spi_probe() function in drivers/spi/spi-pci1xxxx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Resource management error

EUVDB-ID: #VU93191

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35913

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the iwl_mvm_rx_session_protect_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/time-event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper locking

EUVDB-ID: #VU92021

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35910

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c and within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Improper locking

EUVDB-ID: #VU90767

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27021

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the rtl_remove_one() and rtl_init_one() functions in drivers/net/ethernet/realtek/r8169_main.c and within the rtl8168_setup_ldev() function in drivers/net/ethernet/realtek/r8169_leds.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Improper Initialization

EUVDB-ID: #VU93608

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35921

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the vdec_hevc_slice_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Out-of-bounds read

EUVDB-ID: #VU90307

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35905

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the check_stack_access_within_bounds() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Improper locking

EUVDB-ID: #VU90769

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27010

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qdisc_alloc() function in net/sched/sch_generic.c and within the qdisc_run_end() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Infinite loop

EUVDB-ID: #VU91410

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35981

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the virtnet_get_rxfh() and virtnet_probe() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU90509

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35885

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlxbf_gige_shutdown() function in drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Use-after-free

EUVDB-ID: #VU90145

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35955

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU93428

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35894

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in the mptcp_set_rcvlowat() function in net/mptcp/sockopt.c, which allow BPF to access MPTCP-level proto_ops from a TCP subflow scope. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Use-after-free

EUVDB-ID: #VU90143

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35969

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c and within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Buffer overflow

EUVDB-ID: #VU93663

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36018

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the op_remap() function in drivers/gpu/drm/nouveau/nouveau_uvmm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Use-after-free

EUVDB-ID: #VU90154

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35867

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_stats_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Buffer overflow

EUVDB-ID: #VU91200

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27007

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the move_pages_huge_pmd() function in mm/huge_memory.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Improper locking

EUVDB-ID: #VU91516

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35908

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tls_sw_recvmsg() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Information disclosure

EUVDB-ID: #VU91357

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26985

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the intel_fb_bo_framebuffer_init() function in drivers/gpu/drm/xe/display/intel_fb_bo.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Input validation error

EUVDB-ID: #VU94131

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27016

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_flow_xmit_xfrm(), nf_flow_skb_encap_protocol() and nf_flow_encap_pop() functions in net/netfilter/nf_flow_table_ip.c and within the nf_flow_offload_inet_hook() function in net/netfilter/nf_flow_table_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper Initialization

EUVDB-ID: #VU93351

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35960

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper error handling

EUVDB-ID: #VU90944

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35935

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the iterate_inode_ref() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Use-after-free

EUVDB-ID: #VU90146

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35932

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vc4_prepare_fb() and vc4_cleanup_fb() functions in drivers/gpu/drm/vc4/vc4_plane.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper locking

EUVDB-ID: #VU91514

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35957

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the intel_iommu_probe_device() and intel_iommu_release_device() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Resource management error

EUVDB-ID: #VU92969

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27001

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the vmk80xx_find_usb_endpoints() function in drivers/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Memory leak

EUVDB-ID: #VU91639

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35871

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the __asm__() and copy_thread() functions in arch/riscv/kernel/process.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Out-of-bounds read

EUVDB-ID: #VU90308

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35907

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mlxbf_gige_open() function in drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) NULL pointer dereference

EUVDB-ID: #VU90508

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35878

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Use-after-free

EUVDB-ID: #VU90144

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35979

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the raid1_write_request() function in drivers/md/raid1.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Memory leak

EUVDB-ID: #VU89974

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35972

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the bnxt_rdma_aux_device_init() function in drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Memory leak

EUVDB-ID: #VU91636

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35975

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the otx2_qos_read_txschq_cfg_tl() function in drivers/net/ethernet/marvell/octeontx2/nic/qos.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Memory leak

EUVDB-ID: #VU91638

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35877

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the follow_phys() function in mm/memory.c, and within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Memory leak

EUVDB-ID: #VU91637

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35926

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the iaa_compress() and iaa_decompress() functions in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Integer overflow

EUVDB-ID: #VU88544

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26817

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Use-after-free

EUVDB-ID: #VU90160

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_tables_module_exit() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Improper locking

EUVDB-ID: #VU90770

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27004

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the HLIST_HEAD(), clk_pm_runtime_put(), clk_unprepare_unused_subtree(), clk_disable_unused_subtree(), __setup(), clk_disable_unused(), __clk_release() and __clk_register() functions in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) NULL pointer dereference

EUVDB-ID: #VU90541

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35920

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vpu_dec_check_ap_inst() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c, within the fops_vcodec_open(), fops_vcodec_release() and mtk_vcodec_probe() functions in drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c, and within the mtk_vcodec_vpu_reset_dec_handler() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Buffer overflow

EUVDB-ID: #VU93623

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35924

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ucsi_read_message_in(), ucsi_read_error(), ucsi_send_command() and ucsi_register() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) NULL pointer dereference

EUVDB-ID: #VU90506

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35977

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cros_ec_uart_probe() function in drivers/platform/chrome/cros_ec_uart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Memory leak

EUVDB-ID: #VU89976

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35930

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) NULL pointer dereference

EUVDB-ID: #VU90513

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ice_vsi_rebuild() function in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Use-after-free

EUVDB-ID: #VU90184

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26996

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ncm_set_alt() and ncm_disable() functions in drivers/usb/gadget/function/f_ncm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Improper locking

EUVDB-ID: #VU91522

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27005

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the path_init() and icc_put() functions in drivers/interconnect/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Use-after-free

EUVDB-ID: #VU90158

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35870

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_mark_tcp_ses_conns_for_reconnect() and cifs_find_smb_ses() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Infinite loop

EUVDB-ID: #VU91411

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35982

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Improper locking

EUVDB-ID: #VU90752

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35895

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) NULL pointer dereference

EUVDB-ID: #VU90544

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35943

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the omap_prm_domain_init() function in drivers/pmdomain/ti/omap_prm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) NULL pointer dereference

EUVDB-ID: #VU91234

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35902

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) NULL pointer dereference

EUVDB-ID: #VU90543

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vpu_enc_check_ap_inst() function in drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c, within the fops_vcodec_open(), fops_vcodec_release() and mtk_vcodec_probe() functions in drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c, and within the mtk_vcodec_vpu_reset_enc_handler() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Use of uninitialized resource

EUVDB-ID: #VU90872

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35973

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Improper error handling

EUVDB-ID: #VU90943

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35931

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the amdgpu_pci_slot_reset() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Use of uninitialized resource

EUVDB-ID: #VU90873

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35888

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c and within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Improper locking

EUVDB-ID: #VU90753

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35914

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lock_rename() and unlock_rename() functions in fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Out-of-bounds read

EUVDB-ID: #VU90304

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35970

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the manage_oob() function in net/unix/af_unix.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) NULL pointer dereference

EUVDB-ID: #VU90387

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36023

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the orangefs_mount() function in fs/orangefs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Memory leak

EUVDB-ID: #VU90461

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27012

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nft_rbtree_activate() and nft_rbtree_walk() functions in net/netfilter/nft_set_rbtree.c; the nft_pipapo_activate() and nft_pipapo_walk() functions in net/netfilter/nft_set_pipapo.c; the nft_rhash_activate(), nft_rhash_walk(), nft_hash_activate() and nft_hash_walk() functions in net/netfilter/nft_set_hash.c; the nft_bitmap_activate() and nft_bitmap_walk() functions in net/netfilter/nft_set_bitmap.c; and the nft_mapelem_deactivate(), nft_map_catchall_deactivate(), nft_setelem_validate(), nf_tables_bind_check_setelem(), nft_mapelem_activate(), nft_map_catchall_activate(), nf_tables_dump_setelem(), nft_setelem_activate(), nft_setelem_flush() and nf_tables_loop_check_setelem() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Information disclosure

EUVDB-ID: #VU91344

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35939

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the dma_direct_alloc(), __dma_direct_free_pages() and dma_direct_alloc_pages() functions in kernel/dma/direct.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) NULL pointer dereference

EUVDB-ID: #VU90557

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nv50_instobj_acquire() function in drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Buffer overflow

EUVDB-ID: #VU93150

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35884

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udp_gro_receive() function in net/ipv4/udp_offload.c and within the __udp_is_mcast_sock() function in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Resource management error

EUVDB-ID: #VU93192

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35901

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mana_get_rxbuf_cfg() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Buffer overflow

EUVDB-ID: #VU88543

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26811

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when installing malicious ksmbd-tools. A local user can force ksmbd.mountd to return an invalid IPC response to the ksmbd kernel server, trigger memory corruption and execute arbitrary code on the target system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Out-of-bounds read

EUVDB-ID: #VU90306

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35966

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) NULL pointer dereference

EUVDB-ID: #VU90511

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35891

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lan8814_txtstamp(), lan8814_get_sig_rx(), lan8814_match_rx_ts(), lan8814_ptpci_adjfine(), lan8814_get_sig_tx(), lan8814_dequeue_tx_skb() and lan8814_match_skb() functions in drivers/net/phy/micrel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Use-after-free

EUVDB-ID: #VU90159

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35887

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Improper error handling

EUVDB-ID: #VU92056

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35945

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the phy_sfp_probe(), phy_attach_direct() and phy_get_internal_delay() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Improper locking

EUVDB-ID: #VU91444

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35971

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ks8851_rx_pkts() and ks8851_irq() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Use-after-free

EUVDB-ID: #VU90152

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35862

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_network_name_deleted() function in fs/smb/client/smb2ops.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Improper locking

EUVDB-ID: #VU90773

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26987

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __page_handle_poison() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Integer underflow

EUVDB-ID: #VU91672

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26921

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the nf_ct_frag6_queue() and nf_ct_frag6_gather() functions in net/ipv6/netfilter/nf_conntrack_reasm.c, within the ip_frag_queue() and ip_defrag() functions in net/ipv4/ip_fragment.c, and within the FRAG_CB(), inet_frag_queue_insert(), inet_frag_reasm_prepare(), EXPORT_SYMBOL() and inet_frag_reasm_finish() functions in net/ipv4/inet_fragment.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Resource management error

EUVDB-ID: #VU93297

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26989

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the kernel_page_present() function in arch/arm64/mm/pageattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Improper locking

EUVDB-ID: #VU91515

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35952

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ast_dp_set_on_off() function in drivers/gpu/drm/ast/ast_dp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Race condition

EUVDB-ID: #VU91474

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27009

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the ccw_device_set_online() function in drivers/s390/cio/device.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Memory leak

EUVDB-ID: #VU93609

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35893

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Off-by-one

EUVDB-ID: #VU91175

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26995

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the tcpm_pd_set() function in drivers/usb/typec/tcpm/tcpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Improper locking

EUVDB-ID: #VU92034

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26925

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Use-after-free

EUVDB-ID: #VU90155

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35868

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_stats_proc_write() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) NULL pointer dereference

EUVDB-ID: #VU90540

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35954

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the sg_remove_sfp_usercontext() function in drivers/scsi/sg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Division by zero

EUVDB-ID: #VU91372

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35922

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Improper locking

EUVDB-ID: #VU91450

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27000

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Improper Initialization

EUVDB-ID: #VU91548

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the hclge_init_ae_dev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Improper locking

EUVDB-ID: #VU90768

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27014

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) NULL pointer dereference

EUVDB-ID: #VU90542

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35940

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the psz_kmsg_read() function in fs/pstore/zone.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Information disclosure

EUVDB-ID: #VU91356

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26992

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the vmx_get_perf_capabilities() function in arch/x86/kvm/vmx/vmx.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU91119

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26926

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the binder_get_object() function in drivers/android/binder.c. A local user can influence the pointer offset and potentially execute arbitrary code.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Use of uninitialized resource

EUVDB-ID: #VU93083

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35927

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the reschedule_output_poll_work() and EXPORT_SYMBOL() functions in drivers/gpu/drm/drm_probe_helper.c, and within the drm_mode_config_helper_suspend() and drm_mode_config_helper_resume() functions in drivers/gpu/drm/drm_modeset_helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Use-after-free

EUVDB-ID: #VU90151

Risk: Medium

CVSSv3.1: 5 [AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35863

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the is_valid_oplock_break() function in fs/smb/client/misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Improper locking

EUVDB-ID: #VU92030

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27022

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the dup_mmap() function in kernel/fork.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) NULL pointer dereference

EUVDB-ID: #VU90556

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26998

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the uart_tty_port_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Incorrect calculation

EUVDB-ID: #VU93615

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27017

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to an incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c, and within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Use-after-free

EUVDB-ID: #VU90192

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26928

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_debug_files_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Input validation error

EUVDB-ID: #VU93427

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35889

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the idpf_rx_process_skb_fields() function in drivers/net/ethernet/intel/idpf/idpf_txrx.c when handling unknown packet types. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Race condition within a thread

EUVDB-ID: #VU91427

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35898

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Use-after-free

EUVDB-ID: #VU90157

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35869

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the tcon_info_alloc() and tconInfoFree() functions in fs/smb/client/misc.c, within the dfs_cache_remount_fs() function in fs/smb/client/dfs_cache.c, within the get_session(), __dfs_mount_share() and dfs_mount_share() functions in fs/smb/client/dfs.c, and within the match_session(), cifs_get_smb_ses(), cifs_mount_put_conns() and cifs_mount() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Out-of-bounds read

EUVDB-ID: #VU90322

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26936

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the smb2_allocate_rsp_buf() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Improper locking

EUVDB-ID: #VU92035

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26923

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c, because the garbage collector does not take into account the risk of an embryo being enqueued during garbage collection. A local user can execute arbitrary code with elevated privileges.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Improper locking

EUVDB-ID: #VU90751

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52699

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the block_end(), get_branch(), get_block() and find_shared() functions in fs/sysv/itree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Buffer overflow

EUVDB-ID: #VU93149

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35974

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the blk_alloc_queue() function in block/blk-core.c and within the blkcg_css_online() and blkcg_init_disk() functions in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-virtual (Ubuntu package): before 6.8.0-38.38

linux-image-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1008.8

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-kvm (Ubuntu package): before 6.8.0-38.38

linux-image-intel (Ubuntu package): before 6.8.0-1007.14

linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm-classic (Ubuntu package): before 6.8.0-1008.8

linux-image-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-generic-lpae (Ubuntu package): before 6.8.0-38.38

linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-38.38

linux-image-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-generic (Ubuntu package): before 6.8.0-38.38

linux-image-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-38-lowlatency-64k (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-lowlatency (Ubuntu package): before 6.8.0-38.38.1

linux-image-6.8.0-38-generic-64k (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-38-generic (Ubuntu package): before 6.8.0-38.38

linux-image-6.8.0-1010-gcp (Ubuntu package): before 6.8.0-1010.11

linux-image-6.8.0-1010-azure-fde (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1010-azure (Ubuntu package): before 6.8.0-1010.10

linux-image-6.8.0-1008-oem (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1008-ibm (Ubuntu package): before 6.8.0-1008.8

linux-image-6.8.0-1007-raspi (Ubuntu package): before 6.8.0-1007.7

linux-image-6.8.0-1007-intel (Ubuntu package): before 6.8.0-1007.14

External links

http://ubuntu.com/security/notices/USN-6893-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


