Ubuntu update for linux-oracle
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 90 |
| CVE-ID | CVE-2024-26584 CVE-2023-52434 CVE-2024-36933 CVE-2024-36286 CVE-2024-36886 CVE-2024-38579 CVE-2022-48772 CVE-2024-39493 CVE-2024-38637 CVE-2024-36016 CVE-2023-52752 CVE-2024-38558 CVE-2024-39488 CVE-2024-38559 CVE-2024-36919 CVE-2024-36905 CVE-2024-39489 CVE-2024-39475 CVE-2021-47131 CVE-2024-26585 CVE-2024-38578 CVE-2024-38567 CVE-2024-38596 CVE-2024-38598 CVE-2024-36940 CVE-2024-38552 CVE-2024-37356 CVE-2024-38780 CVE-2024-38589 CVE-2024-36959 CVE-2024-27399 CVE-2024-36017 CVE-2024-38661 CVE-2024-36939 CVE-2024-36904 CVE-2024-36902 CVE-2024-38381 CVE-2024-36883 CVE-2024-37353 CVE-2024-38560 CVE-2024-39292 CVE-2024-36934 CVE-2024-38621 CVE-2024-38599 CVE-2024-36941 CVE-2022-48655 CVE-2024-26886 CVE-2024-36014 CVE-2024-38613 CVE-2024-27398 CVE-2024-27019 CVE-2024-36954 CVE-2024-39471 CVE-2024-26583 CVE-2024-35947 CVE-2024-31076 CVE-2024-38659 CVE-2024-38549 CVE-2024-38618 CVE-2024-38565 CVE-2024-27401 CVE-2022-48674 CVE-2024-38582 CVE-2024-38634 CVE-2024-38627 CVE-2024-39480 CVE-2024-36015 CVE-2023-52585 CVE-2024-36270 CVE-2024-26907 CVE-2024-38615 CVE-2024-38600 CVE-2024-38612 CVE-2024-36946 CVE-2024-39301 CVE-2024-38601 CVE-2024-38635 CVE-2024-33621 CVE-2024-36964 CVE-2024-38633 CVE-2024-39467 CVE-2024-38607 CVE-2024-36971 CVE-2024-35976 CVE-2024-38587 CVE-2023-52882 CVE-2024-36950 CVE-2024-39276 CVE-2024-36960 CVE-2024-38583 |
| CWE-ID | CWE-388 CWE-119 CWE-908 CWE-667 CWE-416 CWE-476 CWE-401 CWE-787 CWE-20 CWE-125 CWE-362 CWE-369 CWE-366 CWE-415 CWE-200 CWE-399 CWE-252 CWE-835 CWE-269 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #83 is being exploited in the wild. |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-oracle-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1129-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 90 vulnerabilities.
1) Error handling
EUVDB-ID: #VU89001
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26584
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU88283
Risk: Medium
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52434
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of uninitialized resource
EUVDB-ID: #VU90862
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36933
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU93036
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36286
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU90049
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU92953
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38579
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU93327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU94086
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39493
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU93046
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38637
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds write
EUVDB-ID: #VU89898
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36016
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90068
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52752
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU94117
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper error handling
EUVDB-ID: #VU94087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39488
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU92328
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38559
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU92010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Race condition
EUVDB-ID: #VU93375
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36905
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU94084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39489
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Division by zero
EUVDB-ID: #VU93828
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39475
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU90223
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47131
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_ctx_create() function in net/tls/tls_main.c, within the tls_validate_xmit_skb() function in net/tls/tls_device_fallback.c, within the tls_device_gc_task(), tls_device_rx_resync_new_rec(), tls_device_decrypted() and tls_device_down() functions in net/tls/tls_device.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Race condition
EUVDB-ID: #VU89251
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26585
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU92322
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38578
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Input validation error
EUVDB-ID: #VU92370
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Race condition within a thread
EUVDB-ID: #VU92380
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38596
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU92320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Double Free
EUVDB-ID: #VU90885
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU92330
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38552
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU93024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37356
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper locking
EUVDB-ID: #VU93034
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper locking
EUVDB-ID: #VU92365
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Information disclosure
EUVDB-ID: #VU91321
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36959
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU89673
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU93081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper locking
EUVDB-ID: #VU93333
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38661
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper error handling
EUVDB-ID: #VU92054
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36939
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU90047
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36904
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU91222
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use of uninitialized resource
EUVDB-ID: #VU93042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38381
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU90272
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Resource management error
EUVDB-ID: #VU93179
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37353
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU92327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38560
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Resource management error
EUVDB-ID: #VU93178
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39292
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the register_winch_irq() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU90266
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36934
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU93025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38621
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU92319
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38599
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) NULL pointer dereference
EUVDB-ID: #VU90528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36941
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Out-of-bounds read
EUVDB-ID: #VU91400
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48655
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the scmi_domain_reset() function in drivers/firmware/arm_scmi/reset.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use-after-free
EUVDB-ID: #VU90200
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bt_sock_recvmsg() and bt_sock_ioctl() functions in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) NULL pointer dereference
EUVDB-ID: #VU89897
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36014
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU92359
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38613
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Use-after-free
EUVDB-ID: #VU89672
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27398
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Race condition within a thread
EUVDB-ID: #VU91431
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27019
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Memory leak
EUVDB-ID: #VU90431
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds read
EUVDB-ID: #VU93326
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39471
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Race condition
EUVDB-ID: #VU87596
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26583
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Improper error handling
EUVDB-ID: #VU93468
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35947
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Memory leak
EUVDB-ID: #VU93016
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Out-of-bounds read
EUVDB-ID: #VU93080
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38659
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Resource management error
EUVDB-ID: #VU93390
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38549
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Input validation error
EUVDB-ID: #VU92371
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Resource management error
EUVDB-ID: #VU93836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Buffer overflow
EUVDB-ID: #VU89675
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use-after-free
EUVDB-ID: #VU90174
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the fs/erofs/internal.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper locking
EUVDB-ID: #VU92366
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38582
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Improper locking
EUVDB-ID: #VU93038
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38634
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Double free
EUVDB-ID: #VU93040
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38627
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Buffer overflow
EUVDB-ID: #VU93827
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39480
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Unchecked Return Value
EUVDB-ID: #VU89896
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36015
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) NULL pointer dereference
EUVDB-ID: #VU91241
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52585
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_query_error_status_helper() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU93028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Improper locking
EUVDB-ID: #VU92037
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26907
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the set_eth_seg() function in drivers/infiniband/hw/mlx5/wr.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Input validation error
EUVDB-ID: #VU94120
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38615
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improper locking
EUVDB-ID: #VU92360
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38600
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_card_disconnect() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Use-after-free
EUVDB-ID: #VU92314
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38612
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Buffer overflow
EUVDB-ID: #VU93469
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Use of uninitialized resource
EUVDB-ID: #VU93337
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39301
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Infinite loop
EUVDB-ID: #VU93063
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38601
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Out-of-bounds read
EUVDB-ID: #VU93027
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38635
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Resource management error
EUVDB-ID: #VU93043
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33621
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Improper privilege management
EUVDB-ID: #VU93734
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) NULL pointer dereference
EUVDB-ID: #VU93032
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38633
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Out-of-bounds read
EUVDB-ID: #VU93325
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39467
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Resource management error
EUVDB-ID: #VU93181
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38607
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Use-after-free
EUVDB-ID: #VU91597
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2024-36971
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
Update the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
84) Out-of-bounds read
EUVDB-ID: #VU90305
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35976
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Out-of-bounds read
EUVDB-ID: #VU92321
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38587
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_word() function in drivers/staging/speakup/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Input validation error
EUVDB-ID: #VU93673
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52882
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Improper error handling
EUVDB-ID: #VU92055
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36950
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Memory leak
EUVDB-ID: #VU93320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39276
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Out-of-bounds read
EUVDB-ID: #VU90819
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36960
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Use-after-free
EUVDB-ID: #VU92311
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38583
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-oracle to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 20.04
linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1129.122
linux-image-5.4.0-1129-oracle (Ubuntu package): before Ubuntu Pro
linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-6953-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
