Debian update for linux

1) Buffer overflow

EUVDB-ID: #VU69766

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43945

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service attacl.

The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU93327

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU94364

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-25741

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the printer_write() in drivers/usb/gadget/function/f_printer.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU91536

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26629

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition within a thread

EUVDB-ID: #VU91431

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27019

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU93016

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-31076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Resource management error

EUVDB-ID: #VU93043

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-33621

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Reachable assertion

EUVDB-ID: #VU93128

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-33847

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the f2fs_setattr() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper locking

EUVDB-ID: #VU93125

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-34027

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_release_compress_blocks() and f2fs_reserve_compress_blocks() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU93122

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35247

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU89897

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36014

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Unchecked Return Value

EUVDB-ID: #VU89896

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36015

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds write

EUVDB-ID: #VU89898

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36016

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU93028

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36270

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper locking

EUVDB-ID: #VU93036

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36286

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Infinite loop

EUVDB-ID: #VU93062

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36288

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU93030

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36489

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU90735

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36894

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU91597

Risk: Critical

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2024-36971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

20) Input validation error

EUVDB-ID: #VU93310

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the taprio_parse_mqprio_opt() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU92332

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36978

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper locking

EUVDB-ID: #VU93342

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-37078

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Resource management error

EUVDB-ID: #VU93179

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-37353

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU93024

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-37356

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use of uninitialized resource

EUVDB-ID: #VU93042

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38381

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU92351

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38546

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU92350

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38547

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU92349

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38548

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cdns_mhdp_atomic_enable() function in drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource management error

EUVDB-ID: #VU93390

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38549

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU92330

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38552

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU92307

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38555

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Input validation error

EUVDB-ID: #VU94117

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-38558

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds read

EUVDB-ID: #VU92328

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU92327

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38560

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Resource management error

EUVDB-ID: #VU93836

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38565

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Input validation error

EUVDB-ID: #VU92370

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38567

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU92322

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38578

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Buffer overflow

EUVDB-ID: #VU92953

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38579

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU92366

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38582

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU92311

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38583

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Buffer overflow

EUVDB-ID: #VU93134

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38586

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rtl8169_doorbell() and rtl8169_start_xmit() functions in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU92321

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38587

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_word() function in drivers/staging/speakup/main.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper locking

EUVDB-ID: #VU92365

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38589

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Resource management error

EUVDB-ID: #VU93087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38590

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the get_cqe_status() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Race condition within a thread

EUVDB-ID: #VU92380

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38596

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU92361

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38597

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Out-of-bounds read

EUVDB-ID: #VU92320

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38598

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Out-of-bounds read

EUVDB-ID: #VU92319

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38599

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Infinite loop

EUVDB-ID: #VU93063

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38601

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU93048

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38605

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the snd_card_new() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Resource management error

EUVDB-ID: #VU93181

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38607

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU92314

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38612

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the IS_ENABLED() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU92359

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38613

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU94120

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38615

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Input validation error

EUVDB-ID: #VU92371

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38618

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use of uninitialized resource

EUVDB-ID: #VU93082

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Out-of-bounds read

EUVDB-ID: #VU93025

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38621

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Double free

EUVDB-ID: #VU93040

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38627

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU93032

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38633

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper locking

EUVDB-ID: #VU93038

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38634

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Out-of-bounds read

EUVDB-ID: #VU93027

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38635

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU93046

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38637

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Out-of-bounds read

EUVDB-ID: #VU93080

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38659

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper locking

EUVDB-ID: #VU93333

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper locking

EUVDB-ID: #VU93033

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38662

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper locking

EUVDB-ID: #VU93034

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38780

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Memory leak

EUVDB-ID: #VU93320

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39276

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Resource management error

EUVDB-ID: #VU93178

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39292

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the register_winch_irq() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use of uninitialized resource

EUVDB-ID: #VU93337

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39301

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Out-of-bounds read

EUVDB-ID: #VU93325

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39467

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Improper locking

EUVDB-ID: #VU93335

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39468

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smb2_find_smb_tcon() function in fs/smb/client/smb2transport.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Improper error handling

EUVDB-ID: #VU93336

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39469

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Out-of-bounds read

EUVDB-ID: #VU93326

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39471

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Division by zero

EUVDB-ID: #VU93828

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39475

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper locking

EUVDB-ID: #VU93824

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39476

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the raid5d() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Buffer overflow

EUVDB-ID: #VU93827

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39480

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Out-of-bounds read

EUVDB-ID: #VU93821

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39482

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bch_dirty_init_thread() and bch_sectors_dirty_init() functions in drivers/md/bcache/writeback.c, within the bch_root_usage() function in drivers/md/bcache/sysfs.c, within the bch_cache_set_alloc() function in drivers/md/bcache/super.c, within the btree_gc_mark_node(), btree_gc_rewrite_node(), btree_gc_recurse(), bch_btree_check_recurse(), bch_btree_check_thread(), bch_btree_check(), bch_btree_map_nodes_recurse() and bch_btree_map_keys_recurse() functions in drivers/md/bcache/btree.c, within the bch_dump_bucket(), __bch_check_keys(), bch_btree_insert_key(), bch_btree_iter_push(), bch_btree_sort_partial() and bch_btree_sort_into() functions in drivers/md/bcache/bset.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Memory leak

EUVDB-ID: #VU93818

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39484

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the davinci_mmcsd_remove() and __exit_p() functions in drivers/mmc/host/davinci_mmc.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Improper error handling

EUVDB-ID: #VU94087

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39488

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Memory leak

EUVDB-ID: #VU94084

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39489

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Memory leak

EUVDB-ID: #VU94086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39493

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Use-after-free

EUVDB-ID: #VU94232

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39495

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gb_interface_release() function in drivers/greybus/interface.c. A local user can escalate privileges on the system.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Memory leak

EUVDB-ID: #VU94201

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39499

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU94277

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39501

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) NULL pointer dereference

EUVDB-ID: #VU94261

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39502

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ionic_qcq_enable() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Use-after-free

EUVDB-ID: #VU94230

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39503

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the list_set_kadd(), list_set_kdel(), list_set_utest(), list_set_uadd(), list_set_udel() and list_set_destroy() functions in net/netfilter/ipset/ip_set_list_set.c, within the call_rcu(), ip_set_destroy() and ip_set_net_init() functions in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) NULL pointer dereference

EUVDB-ID: #VU94259

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39505

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) NULL pointer dereference

EUVDB-ID: #VU94258

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39506

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Resource management error

EUVDB-ID: #VU94310

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39509

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the implement() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Out-of-bounds read

EUVDB-ID: #VU94233

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40901

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Buffer overflow

EUVDB-ID: #VU94296

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40902

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper locking

EUVDB-ID: #VU94283

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40904

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU94257

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rt6_get_pcpu_route() function in net/ipv6/route.c, within the __fib6_drop_pcpu_from() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Improper locking

EUVDB-ID: #VU94282

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40912

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Improper locking

EUVDB-ID: #VU94281

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40916

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hdmi_get_modes() function in drivers/gpu/drm/exynos/exynos_hdmi.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Out-of-bounds read

EUVDB-ID: #VU94234

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40929

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Use of uninitialized resource

EUVDB-ID: #VU94293

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40931

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Memory leak

EUVDB-ID: #VU94204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40932

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Memory leak

EUVDB-ID: #VU94205

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40934

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the logi_dj_recv_switch_to_dj_mode() function in drivers/hid/hid-logitech-dj.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Buffer overflow

EUVDB-ID: #VU94315

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Memory leak

EUVDB-ID: #VU94207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40942

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Improper locking

EUVDB-ID: #VU94278

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40943

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) NULL pointer dereference

EUVDB-ID: #VU94250

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40945

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Use-after-free

EUVDB-ID: #VU94215

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) NULL pointer dereference

EUVDB-ID: #VU94246

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40959

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) NULL pointer dereference

EUVDB-ID: #VU94245

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40960

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) NULL pointer dereference

EUVDB-ID: #VU94244

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40961

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fib6_nh_init() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Input validation error

EUVDB-ID: #VU94318

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bcm6358_quirks() function in arch/mips/bmips/setup.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Input validation error

EUVDB-ID: #VU94319

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Input validation error

EUVDB-ID: #VU94323

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40971

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the default_options() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Buffer overflow

EUVDB-ID: #VU94301

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40974

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Race condition

EUVDB-ID: #VU94297

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40976

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lima_sched_timedout_job() function in drivers/gpu/drm/lima/lima_sched.c. A local user can escalate privileges on the system.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Resource management error

EUVDB-ID: #VU94299

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40978

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Improper locking

EUVDB-ID: #VU94270

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40980

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Improper locking

EUVDB-ID: #VU94269

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40981

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Resource management error

EUVDB-ID: #VU94304

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40983

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) NULL pointer dereference

EUVDB-ID: #VU94239

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Resource management error

EUVDB-ID: #VU94307

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40987

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Resource management error

EUVDB-ID: #VU94308

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40988

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Input validation error

EUVDB-ID: #VU94325

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40990

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_ib_create_srq() function in drivers/infiniband/hw/mlx5/srq.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Incorrect calculation

EUVDB-ID: #VU94311

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40993

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the MODULE_DESCRIPTION() and ip_set_create() functions in net/netfilter/ipset/ip_set_core.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Improper locking

EUVDB-ID: #VU94267

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Integer overflow

EUVDB-ID: #VU94295

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41000

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the blkpg_do_ioctl() function in block/ioctl.c. A local user can execute arbitrary code.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Improper locking

EUVDB-ID: #VU94265

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41004

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kernel/trace/Kconfig. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Improper locking

EUVDB-ID: #VU94264

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41005

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Memory leak

EUVDB-ID: #VU94213

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41006

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.

Update linux package to version 5.10.221-1.

Debian Linux: All versions

linux (Debian package): before 5.10.221-1

• cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:linux_debian_package:*:*:*:*:*:debian_linux:*:*

https://lists.debian.org/debian-security-announce/2024/msg00141.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.