Ubuntu update for linux-raspi

1) NULL pointer dereference

EUVDB-ID: #VU73764

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-38096

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:
• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU91599

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6270

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU85422

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-7042

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU89389

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0841

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Deserialization of Untrusted Data

EUVDB-ID: #VU89676

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21823

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure deserialization in hardware logic. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU87192

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-22099

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU88102

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23307

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Race condition

EUVDB-ID: #VU92719

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24857

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to damange or delete data.

A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Race condition

EUVDB-ID: #VU92720

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24858

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Race condition

EUVDB-ID: #VU92721

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24859

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Race condition

EUVDB-ID: #VU91634

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24861

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper check for unusual or exceptional conditions

EUVDB-ID: #VU92399

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25739

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper check for unusual or exceptional conditions error within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU90557

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nv50_instobj_acquire() function in drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource management error

EUVDB-ID: #VU92970

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26838

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the irdma_destroy_irq() function in drivers/infiniband/hw/irdma/hw.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper locking

EUVDB-ID: #VU92034

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26925

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper locking

EUVDB-ID: #VU90784

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26790

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the FSL_QDMA_CMD_PF BIT() and fsl_qdma_comp_fill_memcpy() functions in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper error handling

EUVDB-ID: #VU93652

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26955

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_get_block() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use of uninitialized resource

EUVDB-ID: #VU92003

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27431

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the cpu_map_bpf_prog_run_xdp() function in kernel/bpf/cpumap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Race condition

EUVDB-ID: #VU88938

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26737

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition between the bpf_timer_cancel_and_free and bpf_timer_cancel calls in kernel/bpf/helpers.c. A local user can exploit the race and escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) NULL pointer dereference

EUVDB-ID: #VU90521

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27044

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dcn10_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU90561

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26964

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xhci_map_temp_buffer() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Resource management error

EUVDB-ID: #VU92988

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26880

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU91119

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26926

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the binder_get_object() function in drivers/android/binder.c. A local user can influence the pointer offset and potentially execute arbitrary code.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU93404

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26843

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the riscv_enable_runtime_services() function in drivers/firmware/efi/riscv-runtime.c, within the arm_enable_runtime_services() function in drivers/firmware/efi/arm-runtime.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU90215

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26735

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU90578

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26881

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hclge_ptp_get_rx_hwts() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Infinite loop

EUVDB-ID: #VU93068

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52644

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU90598

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26747

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the usb_role_switch_get(), fwnode_usb_role_switch_get(), EXPORT_SYMBOL_GPL(), usb_role_switch_find_by_fwnode() and usb_role_switch_register() functions in drivers/usb/roles/class.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer overflow

EUVDB-ID: #VU93154

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27405

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/usb/gadget/function/f_ncm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU90193

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26875

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds read

EUVDB-ID: #VU90309

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35896

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU90446

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35829

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lima_heap_alloc() function in drivers/gpu/drm/lima/lima_gem.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Resource management error

EUVDB-ID: #VU93200

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26877

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU90576

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26855

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_bridge_setlink() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Buffer overflow

EUVDB-ID: #VU92951

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27414

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the rtnl_bridge_setlink() function in net/core/rtnetlink.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Resource management error

EUVDB-ID: #VU93269

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35897

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nf_tables_table_disable() and nf_tables_updtable() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU91609

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35845

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU93770

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26601

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_generate_buddy() and mb_free_blocks() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Resource management error

EUVDB-ID: #VU93595

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35817

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the amdgpu_ttm_gart_bind() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Resource management error

EUVDB-ID: #VU93838

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36006

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mlxsw_sp_acl_tcam_vchunk_migrate_one() and mlxsw_sp_acl_tcam_vchunk_migrate_all() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU91062

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26957

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Race condition within a thread

EUVDB-ID: #VU91431

Risk: Low

CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27019

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Resource management error

EUVDB-ID: #VU93591

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35830

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Memory leak

EUVDB-ID: #VU91644

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26977

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pci_iounmap() function in lib/pci_iomap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper Initialization

EUVDB-ID: #VU91553

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26803

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the veth_enable_xdp(), veth_disable_xdp() and veth_xdp_set() functions in drivers/net/veth.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU91536

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26629

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU93243

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26994

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the get_word() function in drivers/accessibility/speakup/main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Memory leak

EUVDB-ID: #VU90450

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU90167

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU90592

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52641

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ni_find_attr() and run_truncate_around() functions in fs/ntfs3/attrib.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Input validation error

EUVDB-ID: #VU94131

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27016

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_flow_xmit_xfrm(), nf_flow_skb_encap_protocol() and nf_flow_encap_pop() functions in net/netfilter/nf_flow_table_ip.c, within the nf_flow_offload_inet_hook() function in net/netfilter/nf_flow_table_inet.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Incorrect calculation

EUVDB-ID: #VU89392

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26752

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU90555

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27028

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Integer overflow

EUVDB-ID: #VU88544

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26817

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Memory leak

EUVDB-ID: #VU90005

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26840

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Out-of-bounds read

EUVDB-ID: #VU91397

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26969

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Out-of-bounds read

EUVDB-ID: #VU91393

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26965

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use of obsolete function

EUVDB-ID: #VU93856

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52656

CWE-ID: CWE-477 - Use of Obsolete Function

Exploit availability: No

The vulnerability allows a local user to have negative impact on system performance.

The vulnerability exists due to usage of dead code related to SCM_RIGHTS within the io_allocate_scq_urings(), io_ring_ctx_free(), and io_cqring_wait() function in fs/io_uring.c. A local user can influence system performance.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Use of uninitialized resource

EUVDB-ID: #VU90872

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35973

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Memory leak

EUVDB-ID: #VU89983

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35852

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vregion_destroy() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Unchecked Return Value

EUVDB-ID: #VU87902

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26651

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Resource management error

EUVDB-ID: #VU93774

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27432

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mtk_ppe_start() and mtk_ppe_stop() functions in drivers/net/ethernet/mediatek/mtk_ppe.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Information disclosure

EUVDB-ID: #VU93869

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27416

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error within the hci_io_capa_request_evt() function in net/bluetooth/hci_event.c when handling HCI_EV_IO_CAPA_REQUEST packets. A remote attacker on the local network can force the system to assume that the remote peer does support SSP and potentially gain access to sensitive information.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Double free

EUVDB-ID: #VU90897

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26792

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the create_pending_snapshot() function in fs/btrfs/transaction.c, within the create_subvol() function in fs/btrfs/ioctl.c, within the btrfs_free_fs_info(), btrfs_init_fs_root(), btrfs_put_root() and btrfs_get_fs_root() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Memory leak

EUVDB-ID: #VU91638

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35877

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c, within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Error handling

EUVDB-ID: #VU89001

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26584

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) NULL pointer dereference

EUVDB-ID: #VU92070

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26903

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU90187

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26951

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wg_get_device_dump() function in drivers/net/wireguard/netlink.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Resource management error

EUVDB-ID: #VU93281

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36004

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Race condition within a thread

EUVDB-ID: #VU91433

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26861

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the decrypt_packet(), counter_validate() and wg_packet_rx_poll() functions in drivers/net/wireguard/receive.c. A local user can manipulate data.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Resource management error

EUVDB-ID: #VU93194

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27412

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bq27xxx_battery_i2c_remove() function in drivers/power/supply/bq27xxx_battery_i2c.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Resource management error

EUVDB-ID: #VU92972

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26788

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the fsl_qdma_probe() function in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Incorrect calculation

EUVDB-ID: #VU93614

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35813

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the __mmc_blk_ioctl_cmd() function in drivers/mmc/core/block.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) NULL pointer dereference

EUVDB-ID: #VU90563

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26931

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper access control

EUVDB-ID: #VU89268

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52620

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Stack-based buffer overflow

EUVDB-ID: #VU91298

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27075

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) NULL pointer dereference

EUVDB-ID: #VU92068

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36008

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ip_route_use_hint() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Use-after-free

EUVDB-ID: #VU90163

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_ventry_activity_get() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Division by zero

EUVDB-ID: #VU91374

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27059

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Improper locking

EUVDB-ID: #VU90755

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35806

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Resource management error

EUVDB-ID: #VU93859

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26763

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Use-after-free

EUVDB-ID: #VU90145

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35955

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper error handling

EUVDB-ID: #VU90942

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35936

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Use-after-free

EUVDB-ID: #VU91063

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26856

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sparx5_del_mact_entry() function in drivers/net/ethernet/microchip/sparx5/sparx5_mactable.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Out-of-bounds read

EUVDB-ID: #VU91394

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26966

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Use-after-free

EUVDB-ID: #VU90143

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35969

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper Initialization

EUVDB-ID: #VU93351

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35960

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) NULL pointer dereference

EUVDB-ID: #VU90553

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35796

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the temac_probe() function in drivers/net/ethernet/xilinx/ll_temac_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Improper locking

EUVDB-ID: #VU91318

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26810

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Race condition within a thread

EUVDB-ID: #VU91434

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26862

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Buffer overflow

EUVDB-ID: #VU88283

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52434

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) NULL pointer dereference

EUVDB-ID: #VU90519

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27046

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Improper locking

EUVDB-ID: #VU91449

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26999

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pmz_receive_chars() function in drivers/tty/serial/pmac_zilog.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Division by zero

EUVDB-ID: #VU91378

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26778

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the savagefb_check_var() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Resource exhaustion

EUVDB-ID: #VU93097

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52497

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.

The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Resource management error

EUVDB-ID: #VU93256

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35872

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the include/linux/secretmem.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Race condition

EUVDB-ID: #VU89251

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26585

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Memory leak

EUVDB-ID: #VU89973

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35978

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Input validation error

EUVDB-ID: #VU94126

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35918

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the include/linux/randomize_kstack.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Memory leak

EUVDB-ID: #VU89979

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35879

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pr_fmt() and of_changeset_destroy() functions in drivers/of/dynamic.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Memory leak

EUVDB-ID: #VU90449

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27388

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Use-after-free

EUVDB-ID: #VU90197

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26898

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) NULL pointer dereference

EUVDB-ID: #VU90572

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26879

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the drivers/clk/meson/axg.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Use of uninitialized resource

EUVDB-ID: #VU90878

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26882

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to use of uninitialized resource within the ip_tunnel_rcv() function in net/ipv4/ip_tunnel.c. A local user can execute arbitrary code.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) NULL pointer dereference

EUVDB-ID: #VU90517

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52650

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Buffer overflow

EUVDB-ID: #VU93150

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35884

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udp_gro_receive() function in net/ipv4/udp_offload.c, within the __udp_is_mcast_sock() function in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Use-after-free

EUVDB-ID: #VU90168

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27396

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gtp_dellink() function in drivers/net/gtp.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Improper error handling

EUVDB-ID: #VU90949

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35785

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the optee_register_device() function in drivers/tee/optee/device.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Resource management error

EUVDB-ID: #VU93190

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36005

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Resource management error

EUVDB-ID: #VU93472

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35989

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the perf_event_cpu_offline() function in drivers/dma/idxd/perfmon.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Memory leak

EUVDB-ID: #VU90444

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52662

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) NULL pointer dereference

EUVDB-ID: #VU91235

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the icmp_build_probe() function in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Integer underflow

EUVDB-ID: #VU91674

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26828

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can execute arbitrary code.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Incorrect calculation

EUVDB-ID: #VU93759

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27054

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) NULL pointer dereference

EUVDB-ID: #VU90603

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26688

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Infinite loop

EUVDB-ID: #VU91412

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35997

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Infinite loop

EUVDB-ID: #VU89248

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26603

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in arch/x86/kernel/fpu/signal.c. A local user can consume all available system resources and cause denial of service conditions.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Resource management error

EUVDB-ID: #VU93775

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26820

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Use of uninitialized resource

EUVDB-ID: #VU90874

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35915

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Infinite loop

EUVDB-ID: #VU91411

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35982

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) NULL pointer dereference

EUVDB-ID: #VU90575

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26874

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_finish_page_flip() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Use-after-free

EUVDB-ID: #VU90209

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26801

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Improper error handling

EUVDB-ID: #VU92058

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26814

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Buffer overflow

EUVDB-ID: #VU91310

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27045

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dp_dsc_clock_en_read() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) NULL pointer dereference

EUVDB-ID: #VU90580

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26897

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Improper locking

EUVDB-ID: #VU90752

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35895

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Resource management error

EUVDB-ID: #VU93839

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35944

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dg_dispatch_as_host() function in drivers/misc/vmw_vmci/vmci_datagram.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Buffer overflow

EUVDB-ID: #VU93152

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35804

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the emulator_cmpxchg_emulated() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Use of uninitialized resource

EUVDB-ID: #VU90879

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26805

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Use-after-free

EUVDB-ID: #VU90180

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27052

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) NULL pointer dereference

EUVDB-ID: #VU90839

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35851

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qca_prevent_wake() function in drivers/bluetooth/hci_qca.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Incorrect calculation

EUVDB-ID: #VU93613

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35900

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Resource management error

EUVDB-ID: #VU93270

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35807

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Memory leak

EUVDB-ID: #VU91650

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26816

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-raspi to the latest version.

Ubuntu: 22.04

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1058.56

linux-image-raspi (Ubuntu package): before 5.15.0.1058.56

linux-image-5.15.0-1058-raspi (Ubuntu package): before 5.15.0-1058.61

• cpe:2.3:o:canonical:linux-image-raspi-nolpae_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:
• cpe:2.3:o:canonical:linux-image-5.15.0-1058-raspi_ubuntu_package:*:*:*:*:*:ubuntu:*:

http://ubuntu.com/security/notices/USN-6919-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Improper locking

EUVDB-ID: #VU90787

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26769

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nvmet_fc_tgt_a_get(), __nvmet_fc_finish_ls_req() and nvmet_fc_register_targetport() functions in drivers/nvme/target/fc.c. A local user can perform a denial of service (DoS) attack.