Ubuntu update for linux-oem-6.5
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 100 |
| CVE-ID | CVE-2023-6270 CVE-2024-0841 CVE-2024-1151 CVE-2024-23307 CVE-2024-24861 CVE-2023-52638 CVE-2024-26684 CVE-2024-26659 CVE-2024-26708 CVE-2024-26663 CVE-2024-26662 CVE-2024-26789 CVE-2024-26831 CVE-2024-26703 CVE-2023-52643 CVE-2024-26688 CVE-2024-26733 CVE-2024-26818 CVE-2024-26707 CVE-2024-26820 CVE-2024-26719 CVE-2024-26726 CVE-2024-26830 CVE-2024-26694 CVE-2024-26715 CVE-2024-26829 CVE-2024-26697 CVE-2024-26916 CVE-2024-26735 CVE-2024-26717 CVE-2024-26748 CVE-2024-26696 CVE-2024-26710 CVE-2024-26642 CVE-2024-26680 CVE-2024-26675 CVE-2024-26723 CVE-2024-26718 CVE-2024-26666 CVE-2024-26720 CVE-2024-26838 CVE-2024-26824 CVE-2024-26676 CVE-2024-26665 CVE-2024-26693 CVE-2024-26698 CVE-2024-26890 CVE-2024-26601 CVE-2024-26826 CVE-2024-26711 CVE-2024-26602 CVE-2023-52645 CVE-2024-26716 CVE-2024-26660 CVE-2023-52642 CVE-2024-26898 CVE-2024-26803 CVE-2024-26923 CVE-2024-26722 CVE-2024-26677 CVE-2024-26825 CVE-2024-26606 CVE-2024-26790 CVE-2024-26828 CVE-2024-26910 CVE-2024-26681 CVE-2024-26689 CVE-2024-26667 CVE-2024-26798 CVE-2024-26679 CVE-2023-52631 CVE-2024-26926 CVE-2024-26661 CVE-2024-26700 CVE-2023-52637 CVE-2024-26919 CVE-2024-26917 CVE-2024-26712 CVE-2024-26889 CVE-2024-26674 CVE-2024-26792 CVE-2024-35833 CVE-2024-26822 CVE-2024-26734 CVE-2024-26691 CVE-2024-26685 CVE-2024-26782 CVE-2024-26702 CVE-2024-26600 CVE-2024-26922 CVE-2024-26593 CVE-2024-26736 CVE-2024-26920 CVE-2024-26603 CVE-2024-26714 CVE-2024-27416 CVE-2024-26695 CVE-2023-52880 CVE-2024-26664 CVE-2024-26802 |
| CWE-ID | CWE-416 CWE-476 CWE-121 CWE-190 CWE-362 CWE-667 CWE-388 CWE-119 CWE-125 CWE-401 CWE-617 CWE-399 CWE-20 CWE-415 CWE-200 CWE-284 CWE-369 CWE-665 CWE-400 CWE-269 CWE-191 CWE-823 CWE-835 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-oem-22.04d (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04c (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04b (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04a (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.5.0-1027-oem (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 100 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU89389
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0841
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Stack-based buffer overflow
EUVDB-ID: #VU87165
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1151
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the Open vSwitch sub-component in the Linux Kernel. A remote unauthenticated attacker can send specially crafted packets to the system. trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Integer overflow
EUVDB-ID: #VU88102
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23307
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Race condition
EUVDB-ID: #VU91634
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24861
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper locking
EUVDB-ID: #VU90796
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52638
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the j1939_jsk_add(), j1939_sk_recv_match(), j1939_sk_recv(), j1939_sk_errqueue() and j1939_sk_netdev_event_netdown() functions in net/can/j1939/socket.c, within the j1939_netdev_start() function in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper error handling
EUVDB-ID: #VU90952
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26684
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dwxgmac3_handle_dma_err(), dwxgmac3_safety_feat_config(), dwxgmac3_safety_feat_irq_status() and dwxgmac3_safety_feat_dump() functions in drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU93244
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26659
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the process_isoc_td() function in drivers/usb/host/xhci-ring.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Race condition
EUVDB-ID: #VU93430
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26708
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the subflow_simultaneous_connect() function in net/mptcp/protocol.h. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) NULL pointer dereference
EUVDB-ID: #VU92073
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26663
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tipc_nl_bearer_add() function in net/tipc/bearer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU90611
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26662
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn21_set_backlight_level() function in drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU90328
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26789
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ctr_encrypt() function in arch/arm64/crypto/aes-neonbs-glue.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU90003
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26831
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the handshake_req_destroy_test1() function in net/handshake/handshake-test.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU90606
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26703
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the timerlat_fd_open() and timerlat_fd_read() functions in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Memory leak
EUVDB-ID: #VU90470
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52643
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iio_device_register_sysfs() function in drivers/iio/industrialio-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU90603
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Reachable assertion
EUVDB-ID: #VU90910
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26818
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the set_cpu_dma_latency() function in tools/tracing/rtla/src/utils.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Resource management error
EUVDB-ID: #VU93206
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26707
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the send_hsr_supervision_frame() and send_prp_supervision_frame() functions in net/hsr/hsr_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource management error
EUVDB-ID: #VU93775
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26820
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper locking
EUVDB-ID: #VU90794
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26719
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nouveau_fence_context_kill(), nouveau_fence_update(), nouveau_fence_wait_uevent_handler() and nouveau_fence_context_new() functions in drivers/gpu/drm/nouveau/nouveau_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU90791
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26726
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clear_extent_uptodate() function in fs/btrfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU94135
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26830
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_check_vf_permission() and i40e_vc_del_mac_addr_msg() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Double free
EUVDB-ID: #VU90928
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26694
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the iwl_dealloc_ucode() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU90608
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26715
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_gadget_suspend() function in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Memory leak
EUVDB-ID: #VU90475
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26829
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the irtoy_tx() function in drivers/media/rc/ir_toy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Information disclosure
EUVDB-ID: #VU91365
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26697
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the nilfs_prepare_segment_for_recovery(), nilfs_recovery_copy_block() and nilfs_recover_dsync_blocks() functions in fs/nilfs2/recovery.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper locking
EUVDB-ID: #VU90779
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26916
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_gfx_off_ctrl() function in drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c, within the amdgpu_device_suspend() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU90215
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU93058
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26717
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i2c_hid_of_probe() function in drivers/hid/i2c-hid/i2c-hid-of.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU90213
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26748
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cdns3_gadget_giveback() function in drivers/usb/cdns3/gadget.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper locking
EUVDB-ID: #VU90795
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26696
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_page_mkwrite() function in fs/nilfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Stack-based buffer overflow
EUVDB-ID: #VU91301
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26710
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the arch/powerpc/include/asm/thread_info.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper access control
EUVDB-ID: #VU88150
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26642
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU93350
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26680
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aq_ring_free() function in drivers/net/ethernet/aquantia/atlantic/aq_ring.c, within the aq_ptp_ring_alloc() and aq_ptp_ring_free() functions in drivers/net/ethernet/aquantia/atlantic/aq_ptp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Input validation error
EUVDB-ID: #VU90858
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26675
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) NULL pointer dereference
EUVDB-ID: #VU90610
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26723
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lan966x_lag_set_aggr_pgids() function in drivers/net/ethernet/microchip/lan966x/lan966x_lag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU91203
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26718
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the verity_work() and verity_end_io() functions in drivers/md/dm-verity-target.c, within the crypt_io_init(), crypt_inc_pending(), crypt_dec_pending(), kcryptd_crypt() and kcryptd_queue_crypt() functions in drivers/md/dm-crypt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Input validation error
EUVDB-ID: #VU94140
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26666
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_check_fast_xmit() function in net/mac80211/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Division by zero
EUVDB-ID: #VU91379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26720
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Resource management error
EUVDB-ID: #VU92970
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26838
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the irdma_destroy_irq() function in drivers/infiniband/hw/irdma/hw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Buffer overflow
EUVDB-ID: #VU93806
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26824
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the hash_sendmsg() and af_alg_free_sg() functions in crypto/algif_hash.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU90337
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26676
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the unix_gc() function in net/unix/garbage.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU90336
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26665
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iptunnel_pmtud_build_icmpv6() function in net/ipv4/ip_tunnel_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper Initialization
EUVDB-ID: #VU91554
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26693
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the iwl_mvm_is_dup() function in drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c, within the iwl_mvm_sta_state_notexist_to_none() function in drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Race condition
EUVDB-ID: #VU91482
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26698
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the netvsc_device_remove() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Out-of-bounds read
EUVDB-ID: #VU90323
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26890
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sizeof() function in drivers/bluetooth/hci_h5.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper locking
EUVDB-ID: #VU93770
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26601
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_generate_buddy() and mb_free_blocks() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU92038
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26826
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __mptcp_retransmit_pending_data() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Input validation error
EUVDB-ID: #VU94136
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26711
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ad4130_setup_int_clk() function in drivers/iio/adc/ad4130.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Resource exhaustion
EUVDB-ID: #VU87499
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26602
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Race condition
EUVDB-ID: #VU91477
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52645
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the scpsys_add_subdomain() and scpsys_remove_one_domain() functions in drivers/soc/mediatek/mtk-pm-domains.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) NULL pointer dereference
EUVDB-ID: #VU90609
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26716
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the update_port_device_state() function in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Out-of-bounds read
EUVDB-ID: #VU90334
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26660
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dcn301_stream_encoder_create() function in drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Improper privilege management
EUVDB-ID: #VU93736
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52642
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the lirc_dev_exit() and rc_dev_get_from_fd() functions in drivers/media/rc/lirc_dev.c, within the lirc_prog_attach(), lirc_prog_detach() and lirc_prog_query() functions in drivers/media/rc/bpf-lirc.c. A local user can read and manipulate data.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Use-after-free
EUVDB-ID: #VU90197
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Improper Initialization
EUVDB-ID: #VU91553
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26803
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the veth_enable_xdp(), veth_disable_xdp() and veth_xdp_set() functions in drivers/net/veth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper locking
EUVDB-ID: #VU92035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26923
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Improper locking
EUVDB-ID: #VU90793
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26722
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt5645_jack_detect_work() function in sound/soc/codecs/rt5645.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Input validation error
EUVDB-ID: #VU94139
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rxrpc_propose_delay_ACK(), rxrpc_send_initial_ping() and rxrpc_input_call_event() functions in net/rxrpc/call_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Memory leak
EUVDB-ID: #VU93765
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26825
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nci_free_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Resource management error
EUVDB-ID: #VU89247
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26606
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the binder_enqueue_thread_work_ilocked() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper locking
EUVDB-ID: #VU90784
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26790
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the FSL_QDMA_CMD_PF BIT() and fsl_qdma_comp_fill_memcpy() functions in drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Integer underflow
EUVDB-ID: #VU91674
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Race condition
EUVDB-ID: #VU91476
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26910
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the list_set_destroy() and list_set_same_set() functions in net/netfilter/ipset/ip_set_list_set.c, within the ip_set_destroy_set(), ip_set_destroy(), ip_set_swap() and ip_set_fini() functions in net/netfilter/ipset/ip_set_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Improper locking
EUVDB-ID: #VU91453
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26681
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nsim_dev_trap_report_work() function in drivers/net/netdevsim/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU90220
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26689
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Improper locking
EUVDB-ID: #VU93769
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26667
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dpu_encoder_helper_phys_cleanup() function in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Resource management error
EUVDB-ID: #VU92989
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26798
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the fbcon_do_set_font() function in drivers/video/fbdev/core/fbcon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper locking
EUVDB-ID: #VU92044
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) NULL pointer dereference
EUVDB-ID: #VU91240
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52631
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fs/ntfs3/ntfs_fs.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU91119
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26926
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the binder_get_object() function in drivers/android/binder.c. A local user can influence the pointer offset and potentially execute arbitrary code.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Resource management error
EUVDB-ID: #VU93260
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26661
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dcn21_set_abm_immediate_disable() function in drivers/gpu/drm/amd/display/dc/dcn21/dcn21_hwseq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) NULL pointer dereference
EUVDB-ID: #VU90605
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26700
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_atomic_check() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Use-after-free
EUVDB-ID: #VU90218
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52637
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the j1939_sk_match_dst(), j1939_sk_match_filter(), j1939_sk_init() and j1939_sk_setsockopt() functions in net/can/j1939/socket.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Memory leak
EUVDB-ID: #VU91647
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26919
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ulpi_register() function in drivers/usb/common/ulpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Improper locking
EUVDB-ID: #VU90778
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26917
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcoe_ctlr_announce(), fcoe_ctlr_els_send(), fcoe_ctlr_flogi_send_locked(), fcoe_ctlr_flogi_retry() and fcoe_ctlr_flogi_send() functions in drivers/scsi/fcoe/fcoe_ctlr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Buffer overflow
EUVDB-ID: #VU93400
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26712
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the kasan_init_region() function in arch/powerpc/mm/kasan/kasan_init_32.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Buffer overflow
EUVDB-ID: #VU91312
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26889
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Improper error handling
EUVDB-ID: #VU92946
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26674
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the SYM_CODE_START_LOCAL() function in arch/x86/lib/putuser.S, within the SYM_CODE_END() function in arch/x86/lib/getuser.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Double free
EUVDB-ID: #VU90897
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26792
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the create_pending_snapshot() function in fs/btrfs/transaction.c, within the create_subvol() function in fs/btrfs/ioctl.c, within the btrfs_free_fs_info(), btrfs_init_fs_root(), btrfs_put_root() and btrfs_get_fs_root() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Memory leak
EUVDB-ID: #VU89986
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35833
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drivers/dma/fsl-qdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Resource management error
EUVDB-ID: #VU93872
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26822
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources within the automount_fullpath() and cifs_do_automount() functions in fs/smb/client/namespace.c. A local user can force the SMB client to reuse its parent mount uid, gid and cruid and gain unauthorized access to information.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Memory leak
EUVDB-ID: #VU90009
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26734
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devlink_init() function in net/devlink/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Improper locking
EUVDB-ID: #VU91532
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26691
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kvm_hyp_reserve(), __pkvm_create_hyp_vm() and pkvm_create_hyp_vm() functions in arch/arm64/kvm/pkvm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Race condition
EUVDB-ID: #VU91481
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26685
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nilfs_segctor_prepare_write(), nilfs_abort_logs() and nilfs_segctor_complete_write() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Double free
EUVDB-ID: #VU90927
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26782
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Out-of-bounds read
EUVDB-ID: #VU91100
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26702
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rm3100_common_probe() function in drivers/iio/magnetometer/rm3100-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) NULL pointer dereference
EUVDB-ID: #VU89249
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26600
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Input validation error
EUVDB-ID: #VU89054
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26922
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the amdgpu_vm_bo_insert_map(), amdgpu_vm_bo_map(), amdgpu_vm_bo_replace_map(), and amdgpu_vm_bo_clear_mappings() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Out-of-bounds read
EUVDB-ID: #VU89250
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26593
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the i801_block_transaction_by_block() function in drivers/i2c/busses/i2c-i801.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Buffer overflow
EUVDB-ID: #VU92007
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26736
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the afs_update_volume_status() function in fs/afs/volume.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Buffer overflow
EUVDB-ID: #VU93805
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26920
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Infinite loop
EUVDB-ID: #VU89248
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26603
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in arch/x86/kernel/fpu/signal.c. A local user can consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Input validation error
EUVDB-ID: #VU94137
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26714
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/interconnect/qcom/sc8180x.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Information disclosure
EUVDB-ID: #VU93869
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27416
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error within the hci_io_capa_request_evt() function in net/bluetooth/hci_event.c when handling HCI_EV_IO_CAPA_REQUEST packets. A remote attacker on the local network can force the system to assume that the remote peer
does support SSP and potentially gain access to sensitive information.
Update the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) NULL pointer dereference
EUVDB-ID: #VU90604
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26695
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/crypto/ccp/sev-dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU89899
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52880
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Out-of-bounds read
EUVDB-ID: #VU90335
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26664
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the create_core_data() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) NULL pointer dereference
EUVDB-ID: #VU90589
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26802
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the stmmac_fpe_stop_wq() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oem-6.5 to the latest version.
Vulnerable software versionsUbuntu: 22.04
linux-image-oem-22.04d (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04c (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04b (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04a (Ubuntu package): before 6.5.0.1027.29
linux-image-oem-22.04 (Ubuntu package): before 6.5.0.1027.29
linux-image-6.5.0-1027-oem (Ubuntu package): before 6.5.0-1027.28
External linkshttp://ubuntu.com/security/notices/USN-6895-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
