Ubuntu update for linux-oracle

1) Use-after-free

EUVDB-ID: #VU91599

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6270

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU85422

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-7042

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU87192

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-22099

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Integer overflow

EUVDB-ID: #VU88102

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23307

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU92719

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24857

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to damange or delete data.

A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Race condition

EUVDB-ID: #VU92720

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24858

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Race condition

EUVDB-ID: #VU92721

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24859

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Race condition

EUVDB-ID: #VU91634

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24861

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper check for unusual or exceptional conditions

EUVDB-ID: #VU92399

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25739

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper check for unusual or exceptional conditions error within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper access control

EUVDB-ID: #VU89268

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52620

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU90517

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52650

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper locking

EUVDB-ID: #VU91449

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26999

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmz_receive_chars() function in drivers/tty/serial/pmac_zilog.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use of uninitialized resource

EUVDB-ID: #VU90876

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26857

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the geneve_rx() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU91458

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i2c_check_for_quirks() function in drivers/i2c/i2c-core-base.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU90178

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27043

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper locking

EUVDB-ID: #VU91318

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26810

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU89899

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52880

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use of uninitialized resource

EUVDB-ID: #VU90874

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35915

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU93652

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26955

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_get_block() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU90168

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27396

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gtp_dellink() function in drivers/net/gtp.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Division by zero

EUVDB-ID: #VU91372

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35922

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU90169

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27395

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ovs_ct_limit_exit() function in net/openvswitch/conntrack.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU90160

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_tables_module_exit() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper error handling

EUVDB-ID: #VU90947

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35809

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU91450

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27000

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper locking

EUVDB-ID: #VU90770

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27004

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the HLIST_HEAD(), clk_pm_runtime_put(), clk_unprepare_unused_subtree(), clk_disable_unused_subtree(), __setup(), clk_disable_unused(), __clk_release() and __clk_register() functions in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU93591

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35830

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU90563

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26931

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Information disclosure

EUVDB-ID: #VU91355

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26993

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU91521

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27013

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU91529

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26812

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU93609

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35893

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Memory leak

EUVDB-ID: #VU90455

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27073

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper locking

EUVDB-ID: #VU92043

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26687

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds read

EUVDB-ID: #VU91397

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Information disclosure

EUVDB-ID: #VU91363

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26901

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU90193

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26875

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU90774

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26976

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Buffer overflow

EUVDB-ID: #VU91312

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26889

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds write

EUVDB-ID: #VU88935

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26586

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use of uninitialized resource

EUVDB-ID: #VU91675

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36020

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the i40e_reset_all_vfs() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU90573

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26859

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Resource management error

EUVDB-ID: #VU93839

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35944

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dg_dispatch_as_host() function in drivers/misc/vmw_vmci/vmci_datagram.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use of uninitialized resource

EUVDB-ID: #VU90873

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35888

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

EUVDB-ID: #VU91393

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26965

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Incorrect calculation

EUVDB-ID: #VU93612

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36007

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the mlxsw_sp_acl_tcam_vregion_rehash_work(), mlxsw_sp_acl_tcam_rehash_ctx_vregion_changed(), mlxsw_sp_acl_tcam_vchunk_migrate_end(), mlxsw_sp_acl_tcam_vchunk_migrate_one(), mlxsw_sp_acl_tcam_vregion_migrate() and mlxsw_sp_acl_tcam_vregion_rehash_start() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Double free

EUVDB-ID: #VU90891

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35847

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Out-of-bounds write

EUVDB-ID: #VU93594

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27436

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Infinite loop

EUVDB-ID: #VU91411

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35982

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper locking

EUVDB-ID: #VU90751

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52699

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the block_end(), get_branch(), get_block() and find_shared() functions in fs/sysv/itree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU92070

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26903

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Out-of-bounds read

EUVDB-ID: #VU91394

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26966

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU92021

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35910

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c, within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Information disclosure

EUVDB-ID: #VU91360

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26973

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper locking

EUVDB-ID: #VU90752

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35895

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Out-of-bounds read

EUVDB-ID: #VU91095

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27008

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper locking

EUVDB-ID: #VU90776

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26934

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper locking

EUVDB-ID: #VU92035

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26923

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Buffer overflow

EUVDB-ID: #VU93155

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26956

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Resource management error

EUVDB-ID: #VU92969

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27001

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vmk80xx_find_usb_endpoints() function in drivers/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Unchecked Return Value

EUVDB-ID: #VU87902

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26651

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Memory leak

EUVDB-ID: #VU90002

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26894

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the acpi_processor_power_exit() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) NULL pointer dereference

EUVDB-ID: #VU90555

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper locking

EUVDB-ID: #VU92029

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27053

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wilc_parse_join_bss_param() function in drivers/staging/wilc1000/wilc_hif.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Division by zero

EUVDB-ID: #VU91374

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27059

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use of obsolete function

EUVDB-ID: #VU93856

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52656

CWE-ID: CWE-477 - Use of Obsolete Function

Exploit availability: No

The vulnerability allows a local user to have negative impact on system performance.

The vulnerability exists due to usage of dead code related to SCM_RIGHTS within the io_allocate_scq_urings(), io_ring_ctx_free(), and io_cqring_wait() function in fs/io_uring.c. A local user can influence system performance.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) NULL pointer dereference

EUVDB-ID: #VU90574

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26878

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper locking

EUVDB-ID: #VU90755

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35806

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) NULL pointer dereference

EUVDB-ID: #VU91236

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27038

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Memory leak

EUVDB-ID: #VU89991

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ipu_csc_scaler_release() function in drivers/staging/media/imx/imx-media-csc-scaler.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer overflow

EUVDB-ID: #VU93243

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26994

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the get_word() function in drivers/accessibility/speakup/main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Memory leak

EUVDB-ID: #VU90451

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27077

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Resource management error

EUVDB-ID: #VU93202

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27437

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) NULL pointer dereference

EUVDB-ID: #VU90588

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26813

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Integer underflow

EUVDB-ID: #VU91674

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26828

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can execute arbitrary code.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Resource management error

EUVDB-ID: #VU93270

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35807

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use-after-free

EUVDB-ID: #VU90143

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35969

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Improper locking

EUVDB-ID: #VU91519

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35805

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Race condition within a thread

EUVDB-ID: #VU91434

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26862

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Resource exhaustion

EUVDB-ID: #VU92194

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48627

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU91119

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26926

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the binder_get_object() function in drivers/android/binder.c. A local user can influence the pointer offset and potentially execute arbitrary code.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU90507

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35933

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the btintel_read_version() function in drivers/bluetooth/btintel.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Race condition within a thread

EUVDB-ID: #VU91427

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35898

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Resource management error

EUVDB-ID: #VU93841

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27024

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the rds_sendmsg() function in net/rds/send.c, within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Use-after-free

EUVDB-ID: #VU90167

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Improper locking

EUVDB-ID: #VU91448

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35819

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Memory leak

EUVDB-ID: #VU89976

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35930

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Race condition

EUVDB-ID: #VU88148

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26654

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in sound/sh/aica.c. A local user can exploit the race and escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Input validation error

EUVDB-ID: #VU89054

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26922

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the amdgpu_vm_bo_insert_map(), amdgpu_vm_bo_map(), amdgpu_vm_bo_replace_map(), and amdgpu_vm_bo_clear_mappings() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) NULL pointer dereference

EUVDB-ID: #VU90557

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nv50_instobj_acquire() function in drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Resource management error

EUVDB-ID: #VU92988

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26880

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Memory leak

EUVDB-ID: #VU90449

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27388

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU90519

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27046

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Resource management error

EUVDB-ID: #VU93775

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26820

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Resource management error

EUVDB-ID: #VU93838

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36006

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mlxsw_sp_acl_tcam_vchunk_migrate_one() and mlxsw_sp_acl_tcam_vchunk_migrate_all() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Buffer overflow

EUVDB-ID: #VU91602

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26883

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Memory leak

EUVDB-ID: #VU90450

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Incorrect calculation

EUVDB-ID: #VU93614

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35813

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the __mmc_blk_ioctl_cmd() function in drivers/mmc/core/block.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper error handling

EUVDB-ID: #VU90944

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35935

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the iterate_inode_ref() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Use-after-free

EUVDB-ID: #VU90163

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_ventry_activity_get() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Use of uninitialized resource

EUVDB-ID: #VU90872

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35973

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) NULL pointer dereference

EUVDB-ID: #VU90521

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27044

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn10_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Infinite loop

EUVDB-ID: #VU91413

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35886

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Improper access control

EUVDB-ID: #VU88150

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26642

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Infinite loop

EUVDB-ID: #VU91412

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35997

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper locking

EUVDB-ID: #VU93464

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35822

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Memory leak

EUVDB-ID: #VU90453

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Memory leak

EUVDB-ID: #VU89984

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35853

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vchunk_migrate_start() and mlxsw_sp_acl_tcam_vregion_migrate() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Improper error handling

EUVDB-ID: #VU90942

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35936

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Improper locking

EUVDB-ID: #VU92025

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35821

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Out-of-bounds read

EUVDB-ID: #VU90318

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26981

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nilfs_type_by_mode[() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Memory leak

EUVDB-ID: #VU89983

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35852

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vregion_destroy() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Use-after-free

EUVDB-ID: #VU90194

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26852

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Use of uninitialized resource

EUVDB-ID: #VU90877

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26863

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Resource management error

EUVDB-ID: #VU94105

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27065

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Memory leak

EUVDB-ID: #VU90447

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35828

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Use-after-free

EUVDB-ID: #VU90185

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Buffer overflow

EUVDB-ID: #VU93153

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35823

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vc_uniscr_delete() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Incorrect calculation

EUVDB-ID: #VU93613

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35900

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Resource management error

EUVDB-ID: #VU93281

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36004

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Improper Initialization

EUVDB-ID: #VU93351

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35960

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Memory leak

EUVDB-ID: #VU89973

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35978

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) NULL pointer dereference

EUVDB-ID: #VU90576

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26855

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_bridge_setlink() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Memory leak

EUVDB-ID: #VU91650

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26816

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Resource management error

EUVDB-ID: #VU93269

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35897

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nf_tables_table_disable() and nf_tables_updtable() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Resource management error

EUVDB-ID: #VU93271

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35815

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the aio_setup_ring() and kiocb_set_cancel_fn() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Buffer overflow

EUVDB-ID: #VU91604

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26884

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Infinite loop

EUVDB-ID: #VU93068

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52644

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Race condition within a thread

EUVDB-ID: #VU91429

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27419

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Use of uninitialized resource

EUVDB-ID: #VU90878

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26882

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to use of uninitialized resource within the ip_tunnel_rcv() function in net/ipv4/ip_tunnel.c. A local user can execute arbitrary code.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Use-after-free

EUVDB-ID: #VU90145

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35955

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Memory leak

EUVDB-ID: #VU91638

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35877

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c, within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Use-after-free

EUVDB-ID: #VU91062

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26957

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Information disclosure

EUVDB-ID: #VU91345

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35849

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the init_data_container() function in fs/btrfs/backref.c. A local user can gain access to sensitive information.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Integer overflow

EUVDB-ID: #VU88544

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26817

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Division by zero

EUVDB-ID: #VU91373

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35925

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Information disclosure

EUVDB-ID: #VU91358

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26935

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the scsi_host_dev_release() function in drivers/scsi/hosts.c. A local user can gain access to sensitive information.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Race condition within a thread

EUVDB-ID: #VU91432

Risk: Low

CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27020

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Use-after-free

EUVDB-ID: #VU92212

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Reachable assertion

EUVDB-ID: #VU90909

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26937

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the gen11_emit_fini_breadcrumb_rcs() function in drivers/gpu/drm/i915/gt/intel_lrc.c, within the __engine_park() function in drivers/gpu/drm/i915/gt/intel_engine_pm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Use-after-free

EUVDB-ID: #VU90197

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26898

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Use-after-free

EUVDB-ID: #VU90162

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35854

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_vregion_rehash() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Out-of-bounds read

EUVDB-ID: #VU91096

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26851

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Race condition

EUVDB-ID: #VU91473

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27030

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*:

http://ubuntu.com/security/notices/USN-6896-3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) NULL pointer dereference

EUVDB-ID: #VU90575

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26874

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_finish_page_flip() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-oracle to the latest version.

Ubuntu: 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1047.47

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1127.120

linux-image-5.4.0-1127-oracle (Ubuntu package): before 5.4.0-1127.136

linux-image-5.4.0-1047-xilinx-zynqmp (Ubuntu package): before 5.4.0-1047.51

• cpe:2.3:o:canonical:ubuntu:20.04:*:*:*:*:*:*: