Ubuntu update for linux-aws
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 155 |
| CVE-ID | CVE-2022-38096 CVE-2024-23307 CVE-2024-24857 CVE-2024-24858 CVE-2024-24859 CVE-2024-24861 CVE-2024-25739 CVE-2024-35855 CVE-2024-35944 CVE-2024-35851 CVE-2024-35796 CVE-2024-26812 CVE-2024-26814 CVE-2024-35819 CVE-2024-26976 CVE-2024-35809 CVE-2024-35973 CVE-2024-26964 CVE-2024-35852 CVE-2024-27018 CVE-2024-26958 CVE-2024-35893 CVE-2024-35885 CVE-2024-26950 CVE-2024-26654 CVE-2024-26993 CVE-2024-26957 CVE-2024-35907 CVE-2024-26984 CVE-2024-35806 CVE-2024-35988 CVE-2024-35930 CVE-2024-27009 CVE-2024-27020 CVE-2024-35905 CVE-2024-35857 CVE-2023-52699 CVE-2024-35902 CVE-2024-35895 CVE-2024-35934 CVE-2024-35853 CVE-2024-26937 CVE-2024-27013 CVE-2024-26813 CVE-2024-35925 CVE-2024-26956 CVE-2024-26935 CVE-2024-26925 CVE-2024-26926 CVE-2024-35922 CVE-2024-35813 CVE-2024-26973 CVE-2024-26961 CVE-2024-26934 CVE-2024-26687 CVE-2024-35900 CVE-2024-35871 CVE-2024-35896 CVE-2024-36005 CVE-2024-26989 CVE-2024-35807 CVE-2024-35789 CVE-2024-26970 CVE-2024-35935 CVE-2024-27008 CVE-2024-26981 CVE-2024-35897 CVE-2024-26988 CVE-2024-26642 CVE-2024-35997 CVE-2024-35915 CVE-2024-35822 CVE-2024-26966 CVE-2024-27019 CVE-2024-26965 CVE-2024-35884 CVE-2024-35969 CVE-2024-36025 CVE-2024-27000 CVE-2024-26817 CVE-2024-35978 CVE-2024-26929 CVE-2024-27395 CVE-2024-35825 CVE-2024-36007 CVE-2024-35886 CVE-2024-35854 CVE-2023-52880 CVE-2024-26629 CVE-2024-35785 CVE-2024-35960 CVE-2024-26994 CVE-2023-52488 CVE-2024-26977 CVE-2024-27059 CVE-2024-27393 CVE-2024-26999 CVE-2024-35849 CVE-2024-36008 CVE-2024-26969 CVE-2024-35899 CVE-2024-35933 CVE-2024-35958 CVE-2024-27001 CVE-2024-35940 CVE-2024-26931 CVE-2024-36006 CVE-2024-35955 CVE-2024-26811 CVE-2024-35872 CVE-2024-36031 CVE-2024-26960 CVE-2024-26996 CVE-2024-35804 CVE-2024-35918 CVE-2024-27016 CVE-2024-36004 CVE-2024-27396 CVE-2024-35823 CVE-2024-35847 CVE-2024-35990 CVE-2024-26955 CVE-2024-35890 CVE-2024-35898 CVE-2024-35888 CVE-2024-35877 CVE-2024-35910 CVE-2024-35821 CVE-2024-26951 CVE-2024-27015 CVE-2024-35912 CVE-2024-26974 CVE-2024-26923 CVE-2024-35901 CVE-2024-26828 CVE-2024-35927 CVE-2024-35976 CVE-2024-35791 CVE-2024-35970 CVE-2024-27004 CVE-2024-35982 CVE-2024-35989 CVE-2024-35984 CVE-2024-35805 CVE-2024-36020 CVE-2024-35950 CVE-2024-35936 CVE-2024-27437 CVE-2024-26922 CVE-2024-26810 CVE-2024-35815 CVE-2024-36029 CVE-2024-35879 CVE-2024-35938 CVE-2024-35817 |
| CWE-ID | CWE-476 CWE-190 CWE-362 CWE-754 CWE-416 CWE-399 CWE-667 CWE-388 CWE-908 CWE-401 CWE-200 CWE-125 CWE-20 CWE-366 CWE-617 CWE-369 CWE-119 CWE-823 CWE-682 CWE-284 CWE-835 CWE-193 CWE-415 CWE-264 CWE-665 CWE-191 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-virtual-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04d (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04c (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04b (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-fde (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-116-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-116-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-116-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure-fde-lts-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws-lts-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1068-azure-fde (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-1065-aws (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 155 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU73764
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-38096
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU88102
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23307
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU92719
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24857
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to damange or delete data.
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Race condition
EUVDB-ID: #VU92720
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24858
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Race condition
EUVDB-ID: #VU92721
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24859
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Race condition
EUVDB-ID: #VU91634
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24861
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper check for unusual or exceptional conditions
EUVDB-ID: #VU92399
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25739
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper check for unusual or exceptional conditions error within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90163
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_ventry_activity_get() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU93839
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35944
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dg_dispatch_as_host() function in drivers/misc/vmw_vmci/vmci_datagram.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU90839
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35851
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qca_prevent_wake() function in drivers/bluetooth/hci_qca.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU90553
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35796
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the temac_probe() function in drivers/net/ethernet/xilinx/ll_temac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU91529
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26812
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper error handling
EUVDB-ID: #VU92058
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26814
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper locking
EUVDB-ID: #VU91448
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35819
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU90774
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26976
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper error handling
EUVDB-ID: #VU90947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35809
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use of uninitialized resource
EUVDB-ID: #VU90872
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35973
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU90561
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26964
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_map_temp_buffer() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory leak
EUVDB-ID: #VU89983
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35852
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vregion_destroy() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource management error
EUVDB-ID: #VU93196
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27018
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to resource management error within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the br_nf_local_in() function in net/bridge/br_netfilter_hooks.c, within the br_netif_receive_skb(), br_pass_frame_up(), br_handle_frame_finish() and br_handle_frame() functions in net/bridge/br_input.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU90183
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory leak
EUVDB-ID: #VU93609
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35893
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU90509
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35885
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlxbf_gige_shutdown() function in drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) NULL pointer dereference
EUVDB-ID: #VU91460
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26950
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_peer() function in drivers/net/wireguard/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Race condition
EUVDB-ID: #VU88148
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26654
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in sound/sh/aica.c. A local user can exploit the race and escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Information disclosure
EUVDB-ID: #VU91355
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26993
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU91062
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26957
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU90308
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35907
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mlxbf_gige_open() function in drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) NULL pointer dereference
EUVDB-ID: #VU90557
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv50_instobj_acquire() function in drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper locking
EUVDB-ID: #VU90755
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35806
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Input validation error
EUVDB-ID: #VU94125
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35988
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/riscv/include/asm/pgtable.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Memory leak
EUVDB-ID: #VU89976
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35930
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Race condition
EUVDB-ID: #VU91474
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27009
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the ccw_device_set_online() function in drivers/s390/cio/device.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Race condition within a thread
EUVDB-ID: #VU91432
Risk: Low
CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27020
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU90307
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35905
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the check_stack_access_within_bounds() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU91235
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35857
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the icmp_build_probe() function in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper locking
EUVDB-ID: #VU90751
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52699
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the block_end(), get_branch(), get_block() and find_shared() functions in fs/sysv/itree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) NULL pointer dereference
EUVDB-ID: #VU91234
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper locking
EUVDB-ID: #VU90752
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35895
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper locking
EUVDB-ID: #VU92020
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_pnet_create_pnetids_list() function in net/smc/smc_pnet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Memory leak
EUVDB-ID: #VU89984
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vchunk_migrate_start() and mlxsw_sp_acl_tcam_vregion_migrate() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Reachable assertion
EUVDB-ID: #VU90909
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26937
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the gen11_emit_fini_breadcrumb_rcs() function in drivers/gpu/drm/i915/gt/intel_lrc.c, within the __engine_park() function in drivers/gpu/drm/i915/gt/intel_engine_pm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper locking
EUVDB-ID: #VU91521
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27013
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL pointer dereference
EUVDB-ID: #VU90588
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26813
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Division by zero
EUVDB-ID: #VU91373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35925
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Buffer overflow
EUVDB-ID: #VU93155
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26956
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Information disclosure
EUVDB-ID: #VU91358
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26935
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the scsi_host_dev_release() function in drivers/scsi/hosts.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper locking
EUVDB-ID: #VU92034
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26925
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU91119
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26926
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the binder_get_object() function in drivers/android/binder.c. A local user can influence the pointer offset and potentially execute arbitrary code.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Division by zero
EUVDB-ID: #VU91372
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35922
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Incorrect calculation
EUVDB-ID: #VU93614
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35813
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __mmc_blk_ioctl_cmd() function in drivers/mmc/core/block.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Information disclosure
EUVDB-ID: #VU91360
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26973
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Use-after-free
EUVDB-ID: #VU90186
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26961
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improper locking
EUVDB-ID: #VU90776
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Improper locking
EUVDB-ID: #VU92043
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26687
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Incorrect calculation
EUVDB-ID: #VU93613
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35900
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Memory leak
EUVDB-ID: #VU91639
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35871
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __asm__() and copy_thread() functions in arch/riscv/kernel/process.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Out-of-bounds read
EUVDB-ID: #VU90309
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35896
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Resource management error
EUVDB-ID: #VU93190
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36005
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Resource management error
EUVDB-ID: #VU93297
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26989
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kernel_page_present() function in arch/arm64/mm/pageattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Resource management error
EUVDB-ID: #VU93270
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35807
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use-after-free
EUVDB-ID: #VU90167
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Out-of-bounds read
EUVDB-ID: #VU91398
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26970
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq6018.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Improper error handling
EUVDB-ID: #VU90944
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35935
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the iterate_inode_ref() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Out-of-bounds read
EUVDB-ID: #VU91095
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27008
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Out-of-bounds read
EUVDB-ID: #VU90318
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26981
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_type_by_mode[() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Resource management error
EUVDB-ID: #VU93269
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35897
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_table_disable() and nf_tables_updtable() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Buffer overflow
EUVDB-ID: #VU93305
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26988
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the setup_command_line() function in init/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Improper access control
EUVDB-ID: #VU88150
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26642
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Infinite loop
EUVDB-ID: #VU91412
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35997
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Use of uninitialized resource
EUVDB-ID: #VU90874
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35915
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improper locking
EUVDB-ID: #VU93464
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35822
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Out-of-bounds read
EUVDB-ID: #VU91394
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26966
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Race condition within a thread
EUVDB-ID: #VU91431
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27019
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Out-of-bounds read
EUVDB-ID: #VU91393
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26965
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Buffer overflow
EUVDB-ID: #VU93150
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udp_gro_receive() function in net/ipv4/udp_offload.c, within the __udp_is_mcast_sock() function in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Use-after-free
EUVDB-ID: #VU90143
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35969
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Off-by-one
EUVDB-ID: #VU91172
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36025
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the qla_edif_app_getstats() function in drivers/scsi/qla2xxx/qla_edif.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Improper locking
EUVDB-ID: #VU91450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27000
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Integer overflow
EUVDB-ID: #VU88544
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26817
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Memory leak
EUVDB-ID: #VU89973
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35978
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Double free
EUVDB-ID: #VU90894
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26929
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the qla2x00_els_dcmd_sp_free() and qla24xx_els_dcmd_iocb() functions in drivers/scsi/qla2xxx/qla_iocb.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Use-after-free
EUVDB-ID: #VU90169
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27395
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovs_ct_limit_exit() function in net/openvswitch/conntrack.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Buffer overflow
EUVDB-ID: #VU93241
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35825
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Incorrect calculation
EUVDB-ID: #VU93612
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36007
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the mlxsw_sp_acl_tcam_vregion_rehash_work(), mlxsw_sp_acl_tcam_rehash_ctx_vregion_changed(), mlxsw_sp_acl_tcam_vchunk_migrate_end(), mlxsw_sp_acl_tcam_vchunk_migrate_one(), mlxsw_sp_acl_tcam_vregion_migrate() and mlxsw_sp_acl_tcam_vregion_rehash_start() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Infinite loop
EUVDB-ID: #VU91413
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35886
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Use-after-free
EUVDB-ID: #VU90162
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_vregion_rehash() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU89899
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52880
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Improper locking
EUVDB-ID: #VU91536
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26629
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Improper error handling
EUVDB-ID: #VU90949
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35785
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the optee_register_device() function in drivers/tee/optee/device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Improper Initialization
EUVDB-ID: #VU93351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35960
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Buffer overflow
EUVDB-ID: #VU93243
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26994
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the get_word() function in drivers/accessibility/speakup/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Input validation error
EUVDB-ID: #VU94144
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Memory leak
EUVDB-ID: #VU91644
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26977
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_iounmap() function in lib/pci_iomap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Division by zero
EUVDB-ID: #VU91374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27059
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Memory leak
EUVDB-ID: #VU89353
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27393
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to perform DoS attack on the target system.
The vulnerability exists due memory leak within the xennet_alloc_one_rx_buffer() function in xen-netback implementation. A malicious guest userspace process can exhaust memory resources within the guest kernel and perform a denial of service (DoS) attack.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Improper locking
EUVDB-ID: #VU91449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26999
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmz_receive_chars() function in drivers/tty/serial/pmac_zilog.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Information disclosure
EUVDB-ID: #VU91345
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35849
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the init_data_container() function in fs/btrfs/backref.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) NULL pointer dereference
EUVDB-ID: #VU92068
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36008
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip_route_use_hint() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Out-of-bounds read
EUVDB-ID: #VU91397
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Use-after-free
EUVDB-ID: #VU90160
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_tables_module_exit() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) NULL pointer dereference
EUVDB-ID: #VU90507
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35933
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btintel_read_version() function in drivers/bluetooth/btintel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Resource management error
EUVDB-ID: #VU93255
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35958
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Resource management error
EUVDB-ID: #VU92969
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27001
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmk80xx_find_usb_endpoints() function in drivers/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) NULL pointer dereference
EUVDB-ID: #VU90542
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35940
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psz_kmsg_read() function in fs/pstore/zone.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) NULL pointer dereference
EUVDB-ID: #VU90563
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26931
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Resource management error
EUVDB-ID: #VU93838
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36006
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mlxsw_sp_acl_tcam_vchunk_migrate_one() and mlxsw_sp_acl_tcam_vchunk_migrate_all() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Use-after-free
EUVDB-ID: #VU90145
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35955
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Buffer overflow
EUVDB-ID: #VU88543
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26811
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when installing malicious ksmbd-tools. A local user can force the ksmbd.mountd to return invalid ipc response to ksmbd kernel server, trigger memory corruption and execute arbitrary code on the target system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Resource management error
EUVDB-ID: #VU93256
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35872
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/linux/secretmem.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Input validation error
EUVDB-ID: #VU94121
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Race condition
EUVDB-ID: #VU91475
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26960
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Use-after-free
EUVDB-ID: #VU90184
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26996
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ncm_set_alt() and ncm_disable() functions in drivers/usb/gadget/function/f_ncm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Buffer overflow
EUVDB-ID: #VU93152
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35804
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the emulator_cmpxchg_emulated() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Input validation error
EUVDB-ID: #VU94126
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35918
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/linux/randomize_kstack.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Input validation error
EUVDB-ID: #VU94131
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27016
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_flow_xmit_xfrm(), nf_flow_skb_encap_protocol() and nf_flow_encap_pop() functions in net/netfilter/nf_flow_table_ip.c, within the nf_flow_offload_inet_hook() function in net/netfilter/nf_flow_table_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Resource management error
EUVDB-ID: #VU93281
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36004
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Use-after-free
EUVDB-ID: #VU90168
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27396
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_dellink() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Buffer overflow
EUVDB-ID: #VU93153
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35823
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vc_uniscr_delete() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Double free
EUVDB-ID: #VU90891
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35847
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Improper locking
EUVDB-ID: #VU91513
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35990
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xilinx_dpdma_chan_vsync_irq(), xilinx_dpdma_issue_pending() and xilinx_dpdma_chan_err_task() functions in drivers/dma/xilinx/xilinx_dpdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Improper error handling
EUVDB-ID: #VU93652
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26955
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_get_block() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Improper error handling
EUVDB-ID: #VU93651
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35890
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_gro_receive_list() and skb_gro_receive() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Race condition within a thread
EUVDB-ID: #VU91427
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35898
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Use of uninitialized resource
EUVDB-ID: #VU90873
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35888
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Memory leak
EUVDB-ID: #VU91638
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35877
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c, within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Improper locking
EUVDB-ID: #VU92021
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35910
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c, within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Improper locking
EUVDB-ID: #VU92025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35821
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Use-after-free
EUVDB-ID: #VU90187
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26951
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wg_get_device_dump() function in drivers/net/wireguard/netlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Input validation error
EUVDB-ID: #VU94132
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_flow_tuple_encap() function in net/netfilter/nf_flow_table_ip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Memory leak
EUVDB-ID: #VU91640
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35912
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iwl_rfi_get_freq_table() function in drivers/net/wireless/intel/iwlwifi/mvm/rfi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Use-after-free
EUVDB-ID: #VU90185
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Improper locking
EUVDB-ID: #VU92035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26923
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.
Update the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Resource management error
EUVDB-ID: #VU93192
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35901
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mana_get_rxbuf_cfg() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Integer underflow
EUVDB-ID: #VU91674
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Use of uninitialized resource
EUVDB-ID: #VU93083
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35927
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the reschedule_output_poll_work() and EXPORT_SYMBOL() functions in drivers/gpu/drm/drm_probe_helper.c, within the drm_mode_config_helper_suspend() and drm_mode_config_helper_resume() functions in drivers/gpu/drm/drm_modeset_helper.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Out-of-bounds read
EUVDB-ID: #VU90305
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35976
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Use-after-free
EUVDB-ID: #VU90165
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svm_register_enc_region() function in arch/x86/kvm/svm/sev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Out-of-bounds read
EUVDB-ID: #VU90304
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35970
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the manage_oob() function in net/unix/af_unix.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Improper locking
EUVDB-ID: #VU90770
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27004
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the HLIST_HEAD(), clk_pm_runtime_put(), clk_unprepare_unused_subtree(), clk_disable_unused_subtree(), __setup(), clk_disable_unused(), __clk_release() and __clk_register() functions in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Infinite loop
EUVDB-ID: #VU91411
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35982
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Resource management error
EUVDB-ID: #VU93472
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35989
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the perf_event_cpu_offline() function in drivers/dma/idxd/perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) NULL pointer dereference
EUVDB-ID: #VU91458
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i2c_check_for_quirks() function in drivers/i2c/i2c-core-base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Improper locking
EUVDB-ID: #VU91519
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35805
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Use of uninitialized resource
EUVDB-ID: #VU91675
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36020
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the i40e_reset_all_vfs() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Use-after-free
EUVDB-ID: #VU92212
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35950
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Improper error handling
EUVDB-ID: #VU90942
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35936
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Resource management error
EUVDB-ID: #VU93202
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27437
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Input validation error
EUVDB-ID: #VU89054
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26922
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the amdgpu_vm_bo_insert_map(), amdgpu_vm_bo_map(), amdgpu_vm_bo_replace_map(), and amdgpu_vm_bo_clear_mappings() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Improper locking
EUVDB-ID: #VU91318
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26810
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Resource management error
EUVDB-ID: #VU93271
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35815
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the aio_setup_ring() and kiocb_set_cancel_fn() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Resource management error
EUVDB-ID: #VU92981
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36029
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sdhci_msm_runtime_suspend() and sdhci_msm_runtime_resume() functions in drivers/mmc/host/sdhci-msm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Memory leak
EUVDB-ID: #VU89979
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35879
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pr_fmt() and of_changeset_destroy() functions in drivers/of/dynamic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Buffer overflow
EUVDB-ID: #VU93240
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35938
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ARRAY_SIZE() function in drivers/net/wireless/ath/ath11k/mhi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Resource management error
EUVDB-ID: #VU93595
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_ttm_gart_bind() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-aws to the latest version.
Vulnerable software versionsUbuntu: 20.04 - 22.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.116.126~20.04.1
linux-image-azure-fde (Ubuntu package): before 5.15.0.1068.77~20.04.1.45
linux-image-5.15.0-116-generic-lpae (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic-64k (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-5.15.0-116-generic (Ubuntu package): before 5.15.0-116.126~20.04.1
linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1068.77.45
linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1065.65
linux-image-5.15.0-1068-azure-fde (Ubuntu package): before 5.15.0-1068.77~20.04.1.1
linux-image-5.15.0-1065-aws (Ubuntu package): before 5.15.0-1065.71
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6898-3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
