Risk | Low |
Patch available | YES |
Number of vulnerabilities | 30 |
CVE-ID | CVE-2023-46343 CVE-2024-24857 CVE-2024-24858 CVE-2024-24859 CVE-2024-25739 CVE-2024-25744 CVE-2024-26884 CVE-2024-26882 CVE-2024-26923 CVE-2024-26840 CVE-2023-52435 CVE-2024-35984 CVE-2024-26886 CVE-2023-52752 CVE-2023-52436 CVE-2024-36016 CVE-2024-26857 CVE-2024-36902 CVE-2023-52443 CVE-2024-35997 CVE-2024-35982 CVE-2023-52469 CVE-2024-27020 CVE-2024-35978 CVE-2024-26934 CVE-2024-27013 CVE-2023-52449 CVE-2024-26901 CVE-2023-52444 CVE-2023-52620 |
CWE-ID | CWE-476 CWE-362 CWE-754 CWE-264 CWE-119 CWE-908 CWE-667 CWE-401 CWE-416 CWE-200 CWE-787 CWE-835 CWE-366 CWE-617 CWE-284 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | Ubuntu (Operating systems & Components / Operating system); linux-image-4.15.0-1179-azure (Ubuntu package) (Operating systems & Components / Operating system package or component); linux-image-azure-lts-18.04 (Ubuntu package) (Operating systems & Components / Operating system package or component); linux-image-azure (Ubuntu package) (Operating systems & Components / Operating system package or component) |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 30 vulnerabilities.
EUVDB-ID: #VU86243
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46343
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the send_acknowledge() function in net/nfc/nci/spi.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92719
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24857
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to damage or delete data.
A race condition was found in the Linux kernel's net/bluetooth device driver in the conn_info_{min,max}_age_set() function. This can result in an integrity overflow issue, possibly leading to Bluetooth connection abnormality or denial of service.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92720
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24858
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A race condition was found in the Linux kernel's net/bluetooth in the {conn,adv}_{min,max}_interval_set() function. This can result in an L2CAP connection or broadcast abnormality issue, possibly leading to denial of service.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92721
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24859
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A race condition was found in the Linux kernel's net/bluetooth in the sniff_{min,max}_interval_set() function. This can result in a Bluetooth sniffing exception issue, possibly leading to denial of service.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92399
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25739
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an improper check for unusual or exceptional conditions within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87191
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25744
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to missing access restrictions related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. An untrusted VMM can trigger int80 syscall handling at any given point and perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91604
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90878
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26882
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description: The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to use of an uninitialized resource within the ip_tunnel_rcv() function in net/ipv4/ip_tunnel.c. A local user can execute arbitrary code.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26923
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c: the garbage collector does not take into account the risk of an embryo being enqueued during garbage collection. A local user can execute arbitrary code with elevated privileges.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90005
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26840
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87748
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52435
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the skb_segment() function. A local user can trigger memory corruption and crash the kernel.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91458
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the i2c_check_for_quirks() function in drivers/i2c/i2c-core-base.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90200
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bt_sock_recvmsg() and bt_sock_ioctl() functions in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90068
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87592
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52436
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists because the __f2fs_setxattr() function in fs/f2fs/xattr.c does not empty the unused space in the xattr list by default. A local user can gain access to potentially sensitive information.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89898
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36016
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90876
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26857
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the geneve_rx() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91222
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89245
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52443
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unpack_profile() function in security/apparmor/policy_unpack.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91412
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35997
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91411
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35982
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89235
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52469
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91432
Risk: Low
CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27020
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
Description: The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89973
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35978
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90776
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91521
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27013
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux-azure to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links: http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU87742
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52449
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in mtd. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-azure to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links
http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91363
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26901
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux-azure to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links
http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90918
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52444
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to reachable assertion within the f2fs_rename() function in fs/f2fs/namei.c. A local user can execute arbitrary code.
Mitigation
Update the affected package linux-azure to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links
http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89268
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52620
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.
Mitigation
Update the affected package linux-azure to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-4.15.0-1179-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure-lts-18.04 (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
External links
http://ubuntu.com/security/notices/USN-6926-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.