Ubuntu update for linux-lowlatency
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 226 |
| CVE-ID | CVE-2024-36006 CVE-2024-36922 CVE-2024-38567 CVE-2024-38584 CVE-2024-36923 CVE-2024-36892 CVE-2024-35855 CVE-2024-35853 CVE-2024-38562 CVE-2024-36920 CVE-2024-38543 CVE-2024-38576 CVE-2024-38572 CVE-2024-36898 CVE-2024-38560 CVE-2024-36004 CVE-2024-36956 CVE-2024-36881 CVE-2024-36977 CVE-2024-36955 CVE-2024-36906 CVE-2024-36013 CVE-2024-36884 CVE-2024-38563 CVE-2024-36966 CVE-2024-38547 CVE-2024-38594 CVE-2024-36926 CVE-2024-38587 CVE-2024-38566 CVE-2024-27400 CVE-2024-36941 CVE-2024-36017 CVE-2024-38544 CVE-2024-36899 CVE-2024-35851 CVE-2024-38577 CVE-2024-38590 CVE-2024-38568 CVE-2024-38559 CVE-2024-38611 CVE-2024-36887 CVE-2024-36886 CVE-2024-35996 CVE-2024-38612 CVE-2024-36925 CVE-2024-38586 CVE-2024-38596 CVE-2024-36932 CVE-2024-39482 CVE-2024-38585 CVE-2024-36033 CVE-2024-38614 CVE-2024-35852 CVE-2024-36908 CVE-2024-36939 CVE-2024-36963 CVE-2024-27401 CVE-2024-36029 CVE-2024-38540 CVE-2024-38565 CVE-2024-36927 CVE-2024-36910 CVE-2024-42134 CVE-2024-36888 CVE-2024-35859 CVE-2024-36911 CVE-2024-35947 CVE-2024-36940 CVE-2024-36921 CVE-2024-36913 CVE-2024-36943 CVE-2024-35986 CVE-2024-38616 CVE-2024-36900 CVE-2024-36954 CVE-2024-36915 CVE-2024-38602 CVE-2024-41011 CVE-2024-35991 CVE-2024-36909 CVE-2024-38603 CVE-2023-52882 CVE-2024-36953 CVE-2024-38599 CVE-2024-38574 CVE-2024-36967 CVE-2024-36895 CVE-2024-36003 CVE-2024-36961 CVE-2024-38545 CVE-2024-38538 CVE-2024-36001 CVE-2024-36912 CVE-2024-36952 CVE-2024-38550 CVE-2024-38570 CVE-2024-36969 CVE-2024-38595 CVE-2024-35849 CVE-2024-36936 CVE-2024-35949 CVE-2024-36009 CVE-2024-35987 CVE-2024-38541 CVE-2024-38564 CVE-2024-36032 CVE-2024-38615 CVE-2024-36960 CVE-2024-36934 CVE-2024-36951 CVE-2024-35999 CVE-2024-38551 CVE-2024-36903 CVE-2024-36931 CVE-2024-38593 CVE-2024-36938 CVE-2024-38607 CVE-2024-36928 CVE-2024-38552 CVE-2024-36002 CVE-2024-38605 CVE-2024-38582 CVE-2024-36933 CVE-2024-38620 CVE-2024-27395 CVE-2024-27396 CVE-2024-36012 CVE-2024-38591 CVE-2024-38597 CVE-2024-36889 CVE-2024-36964 CVE-2024-38606 CVE-2024-38553 CVE-2024-36945 CVE-2024-35848 CVE-2024-36962 CVE-2024-36947 CVE-2024-27399 CVE-2024-38546 CVE-2024-38583 CVE-2024-38573 CVE-2024-35850 CVE-2024-38549 CVE-2024-38588 CVE-2024-38610 CVE-2024-36917 CVE-2024-36957 CVE-2024-35846 CVE-2024-38579 CVE-2024-36965 CVE-2024-35857 CVE-2024-38548 CVE-2024-36975 CVE-2024-36919 CVE-2024-38542 CVE-2024-36948 CVE-2024-36011 CVE-2024-38556 CVE-2024-36897 CVE-2024-38557 CVE-2024-36890 CVE-2024-36882 CVE-2024-38613 CVE-2024-36914 CVE-2024-35998 CVE-2024-36958 CVE-2024-38580 CVE-2024-36896 CVE-2024-36891 CVE-2024-36924 CVE-2024-38589 CVE-2024-38592 CVE-2024-36904 CVE-2024-36894 CVE-2024-36028 CVE-2024-36014 CVE-2024-36880 CVE-2024-36944 CVE-2024-38598 CVE-2024-36929 CVE-2024-36883 CVE-2024-35858 CVE-2024-38555 CVE-2024-36005 CVE-2024-38539 CVE-2024-35994 CVE-2024-36030 CVE-2024-27394 CVE-2024-36930 CVE-2024-36937 CVE-2024-38561 CVE-2024-38578 CVE-2024-36959 CVE-2024-36935 CVE-2024-36916 CVE-2024-36902 CVE-2024-38604 CVE-2024-38554 CVE-2024-38575 CVE-2024-36918 CVE-2024-36979 CVE-2024-35854 CVE-2024-36968 CVE-2024-38558 CVE-2024-36000 CVE-2024-27398 CVE-2024-35983 CVE-2024-36949 CVE-2024-38600 CVE-2024-36950 CVE-2024-36946 CVE-2024-36031 CVE-2024-35847 CVE-2024-36905 CVE-2024-38571 CVE-2024-36007 CVE-2024-35856 CVE-2024-38601 CVE-2024-38569 CVE-2024-38617 CVE-2024-35988 CVE-2024-35989 CVE-2024-35993 CVE-2024-36893 CVE-2024-36901 |
| CWE-ID | CWE-399 CWE-667 CWE-20 CWE-476 CWE-908 CWE-119 CWE-416 CWE-401 CWE-125 CWE-1037 CWE-366 CWE-388 CWE-269 CWE-415 CWE-200 CWE-362 CWE-665 CWE-369 CWE-682 CWE-264 CWE-477 CWE-193 CWE-617 CWE-835 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-raspi (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-40-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-40-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1009-raspi (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 226 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU93838
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36006
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mlxsw_sp_acl_tcam_vchunk_migrate_one() and mlxsw_sp_acl_tcam_vchunk_migrate_all() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper locking
EUVDB-ID: #VU92009
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36922
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the iwl_txq_reclaim() function in drivers/net/wireless/intel/iwlwifi/queue/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU92370
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38567
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU92342
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38584
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the prueth_probe() function in drivers/net/ethernet/ti/icssg/icssg_prueth.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of uninitialized resource
EUVDB-ID: #VU90864
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36923
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the v9fs_evict_inode() function in fs/9p/vfs_inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU93136
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36892
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the set_freepointer(), print_section(), slab_free_hook() and __slab_alloc_node() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU90163
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_ventry_activity_get() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU89984
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35853
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vchunk_migrate_start() and mlxsw_sp_acl_tcam_vregion_migrate() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU92326
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38562
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nl80211_trigger_scan() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU93238
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36920
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mpi3mr_bsg_process_mpt_cmds() function in drivers/scsi/mpi3mr/mpi3mr_app.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU92352
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38543
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dmirror_device_evict_chunk() function in lib/test_hmm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU92377
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38576
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kernel/rcu/tree_stall.h. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU92323
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38572
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sizeof() function in drivers/net/wireless/ath/ath12k/qmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use of uninitialized resource
EUVDB-ID: #VU92002
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36898
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the edge_detector_update() function in drivers/gpio/gpiolib-cdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU92327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38560
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Resource management error
EUVDB-ID: #VU93281
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36004
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU93347
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36956
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the thermal_debug_tz_add() function in drivers/thermal/thermal_debugfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU90847
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36881
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the userfaultfd_release() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU93385
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36977
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __dwc3_gadget_get_frame() and __dwc3_stop_active_transfer() functions in drivers/usb/dwc3/gadget.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Memory leak
EUVDB-ID: #VU91613
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36955
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the is_link_enabled() function in sound/hda/intel-sdw-acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU90271
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36906
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ENDPROC() function in arch/arm/kernel/sleep.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU90057
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36013
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_command_rej(), l2cap_connect() and l2cap_chan_unlock() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU90382
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36884
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvidia_smmu_context_fault() function in drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU92295
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38563
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mt7996_mcu_get_temperature() function in drivers/net/wireless/mediatek/mt76/mt7996/mcu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use of uninitialized resource
EUVDB-ID: #VU93434
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36966
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the erofs_init_fs_context() function in fs/erofs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU92350
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38547
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper locking
EUVDB-ID: #VU92363
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38594
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tc_taprio_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c, within the stmmac_adjust_time() function in drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) NULL pointer dereference
EUVDB-ID: #VU90384
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36926
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_dma_bus_setup_pSeriesLP() function in arch/powerpc/platforms/pseries/iommu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds read
EUVDB-ID: #VU92321
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38587
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the get_word() function in drivers/staging/speakup/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU93047
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38566
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the real_bind() function in tools/testing/selftests/bpf/progs/lsm_cgroup.c, within the BPF_PROG() function in tools/testing/selftests/bpf/progs/local_storage.c, within the SEC() function in tools/testing/selftests/bpf/progs/bench_local_storage_create.c, within the mark_btf_ld_reg(), check_map_kptr_access(), is_trusted_reg(), bpf_map_direct_read(), BTF_TYPE_SAFE_TRUSTED(), type_is_trusted() and check_ptr_to_btf_access() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Resource management error
EUVDB-ID: #VU89674
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27400
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in amdgpu driver. A local user can crash the OS kernel.
Update the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) NULL pointer dereference
EUVDB-ID: #VU90528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36941
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU93081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Buffer overflow
EUVDB-ID: #VU93344
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38544
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU90048
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU90839
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35851
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qca_prevent_wake() function in drivers/bluetooth/hci_qca.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Buffer overflow
EUVDB-ID: #VU92378
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38577
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kernel/rcu/tasks.h. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Resource management error
EUVDB-ID: #VU93087
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38590
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the get_cqe_status() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU92325
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38568
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hns3_pmu_validate_event_group() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU92328
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38559
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Memory leak
EUVDB-ID: #VU92298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38611
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the et8ek8_remove() and __exit_p() functions in drivers/media/i2c/et8ek8/et8ek8_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Input validation error
EUVDB-ID: #VU93672
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36887
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the e1000e_read_phy_reg_mdic() and e1000e_write_phy_reg_mdic() functions in drivers/net/ethernet/intel/e1000e/phy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use-after-free
EUVDB-ID: #VU90049
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Update the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Processor optimization removal or modification of security-critical code
EUVDB-ID: #VU93808
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35996
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to speculative execution in kernel/cpu.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU92314
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38612
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the IS_ENABLED() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU90386
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36925
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rmem_swiotlb_device_init() function in kernel/dma/swiotlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Buffer overflow
EUVDB-ID: #VU93134
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38586
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rtl8169_doorbell() and rtl8169_start_xmit() functions in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Race condition within a thread
EUVDB-ID: #VU92380
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38596
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Use-after-free
EUVDB-ID: #VU90046
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the thermal_debug_cdev_add() function in drivers/thermal/thermal_debugfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Out-of-bounds read
EUVDB-ID: #VU93821
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39482
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bch_dirty_init_thread() and bch_sectors_dirty_init() functions in drivers/md/bcache/writeback.c, within the bch_root_usage() function in drivers/md/bcache/sysfs.c, within the bch_cache_set_alloc() function in drivers/md/bcache/super.c, within the btree_gc_mark_node(), btree_gc_rewrite_node(), btree_gc_recurse(), bch_btree_check_recurse(), bch_btree_check_thread(), bch_btree_check(), bch_btree_map_nodes_recurse() and bch_btree_map_keys_recurse() functions in drivers/md/bcache/btree.c, within the bch_dump_bucket(), __bch_check_keys(), bch_btree_insert_key(), bch_btree_iter_push(), bch_btree_sort_partial() and bch_btree_sort_into() functions in drivers/md/bcache/bset.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Buffer overflow
EUVDB-ID: #VU93397
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38585
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the tools/include/nolibc/stdlib.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Input validation error
EUVDB-ID: #VU90848
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36033
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qca_read_fw_board_id() function in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper error handling
EUVDB-ID: #VU92940
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38614
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unhandled_exception() function in arch/openrisc/kernel/traps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Memory leak
EUVDB-ID: #VU89983
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35852
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vregion_destroy() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Resource management error
EUVDB-ID: #VU93278
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36908
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iocg_pay_debt() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improper error handling
EUVDB-ID: #VU92054
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36939
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Improper privilege management
EUVDB-ID: #VU93733
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36963
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the DEFINE_SPINLOCK(), tracefs_apply_options() and tracefs_d_revalidate() functions in fs/tracefs/inode.c, within the eventfs_remount() function in fs/tracefs/event_inode.c. A local user can read and manipulate data.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Buffer overflow
EUVDB-ID: #VU89675
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Update the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Resource management error
EUVDB-ID: #VU92981
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36029
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sdhci_msm_runtime_suspend() and sdhci_msm_runtime_resume() functions in drivers/mmc/host/sdhci-msm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Out-of-bounds read
EUVDB-ID: #VU92331
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38540
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_qplib_create_qp() function in drivers/infiniband/hw/bnxt_re/qplib_fp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Resource management error
EUVDB-ID: #VU93836
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use of uninitialized resource
EUVDB-ID: #VU90863
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36927
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the raw_sendmsg() function in net/ipv4/raw.c, within the __ip_make_skb() function in net/ipv4/ip_output.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use-after-free
EUVDB-ID: #VU93345
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36910
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hv_uio_cleanup() and hv_uio_probe() functions in drivers/uio/uio_hv_generic.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Input validation error
EUVDB-ID: #VU94998
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42134
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vp_del_vqs() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Resource management error
EUVDB-ID: #VU93182
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36888
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kick_pool() function in kernel/workqueue.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Memory leak
EUVDB-ID: #VU91641
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35859
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bdev_open_by_dev() function in block/bdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU93346
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36911
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the free_netvsc_device() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Improper error handling
EUVDB-ID: #VU93468
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35947
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.
Update the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Double Free
EUVDB-ID: #VU90885
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Out-of-bounds read
EUVDB-ID: #VU90270
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36921
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_mld_rm_sta() function in drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Information disclosure
EUVDB-ID: #VU91323
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36913
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the vmbus_connect() and vmbus_disconnect() functions in drivers/hv/connection.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Input validation error
EUVDB-ID: #VU94123
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36943
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the make_uffd_wp_pte() function in fs/proc/task_mmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Race condition
EUVDB-ID: #VU93377
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35986
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tusb1210_get_online() and tusb1210_remove_charger_detect() functions in drivers/phy/ti/phy-tusb1210.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Buffer overflow
EUVDB-ID: #VU93620
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38616
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the carl9170_tx_release() function in drivers/net/wireless/ath/carl9170/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Improper Initialization
EUVDB-ID: #VU91547
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36900
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the hclgevf_init_hdev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init_ae_dev() and pci_free_irq_vectors() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Memory leak
EUVDB-ID: #VU90431
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Out-of-bounds read
EUVDB-ID: #VU90268
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36915
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nfc_llcp_setsockopt() function in net/nfc/llcp_sock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Memory leak
EUVDB-ID: #VU92296
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38602
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_addr_ax25dev(), ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Input validation error
EUVDB-ID: #VU94530
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Improper locking
EUVDB-ID: #VU91445
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35991
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the process_evl_entries() function in drivers/dma/idxd/irq.c, within the idxd_init_evl() function in drivers/dma/idxd/init.c, within the idxd_device_evl_setup() and idxd_device_evl_free() functions in drivers/dma/idxd/device.c, within the debugfs_evl_show() function in drivers/dma/idxd/debugfs.c, within the idxd_cdev_evl_drain_pasid() function in drivers/dma/idxd/cdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Use-after-free
EUVDB-ID: #VU93085
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36909
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmbus_free_ring() function in drivers/hv/channel.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Memory leak
EUVDB-ID: #VU92297
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38603
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hns3_pmu_irq_register() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Input validation error
EUVDB-ID: #VU93673
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52882
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Improper error handling
EUVDB-ID: #VU93450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36953
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Out-of-bounds read
EUVDB-ID: #VU92319
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38599
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) NULL pointer dereference
EUVDB-ID: #VU92344
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38574
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_object_load_prog() function in tools/lib/bpf/libbpf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Memory leak
EUVDB-ID: #VU91561
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36967
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Buffer overflow
EUVDB-ID: #VU92004
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36895
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the __uvcg_iter_item_entries() function in drivers/usb/gadget/function/uvc_configfs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Improper locking
EUVDB-ID: #VU90750
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36003
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ice_reset_vf() function in drivers/net/ethernet/intel/ice/ice_vf_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) NULL pointer dereference
EUVDB-ID: #VU90725
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36961
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tze_seq_start(), tze_seq_next(), thermal_debug_tz_add() and thermal_debug_tz_remove() functions in drivers/thermal/thermal_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Use-after-free
EUVDB-ID: #VU92306
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38545
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Use of uninitialized resource
EUVDB-ID: #VU92373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38538
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and br_dev_xmit() functions in net/bridge/br_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Resource management error
EUVDB-ID: #VU93267
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36001
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netfs_perform_write() function in fs/netfs/buffered_write.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Information disclosure
EUVDB-ID: #VU91324
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36912
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the __vmbus_establish_gpadl() and kfree() functions in drivers/hv/channel.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Race condition
EUVDB-ID: #VU91463
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36952
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) NULL pointer dereference
EUVDB-ID: #VU92348
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38550
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the kirkwood_dma_hw_params() function in sound/soc/kirkwood/kirkwood-dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use-after-free
EUVDB-ID: #VU92309
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38570
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gfs2_gl_hash_clear() function in fs/gfs2/super.c, within the init_sbd() function in fs/gfs2/ops_fstype.c, within the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, within the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Division by zero
EUVDB-ID: #VU91563
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36969
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the setup_dsc_config() function in drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Improper locking
EUVDB-ID: #VU92362
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_sf_dev_probe() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_init_one_light() function in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Information disclosure
EUVDB-ID: #VU91345
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35849
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the init_data_container() function in fs/btrfs/backref.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Improper locking
EUVDB-ID: #VU91441
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36936
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the list_del() function in drivers/firmware/efi/unaccepted_memory.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Out-of-bounds read
EUVDB-ID: #VU91391
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35949
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __btrfs_check_leaf() and __btrfs_check_node() functions in fs/btrfs/tree-checker.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Incorrect calculation
EUVDB-ID: #VU93754
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36009
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Buffer overflow
EUVDB-ID: #VU93148
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35987
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the setup_bootmem() function in arch/riscv/mm/init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Buffer overflow
EUVDB-ID: #VU92376
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38541
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU93849
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38564
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to improper checks within with bpf_prog_attach_check_attach_type() function in kernel/bpf/syscall.c. A local user can bypass certain security restrictions.
Update the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Input validation error
EUVDB-ID: #VU90849
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36032
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qca_read_fw_build_info() function in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Input validation error
EUVDB-ID: #VU94120
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38615
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Out-of-bounds read
EUVDB-ID: #VU90819
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36960
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Out-of-bounds read
EUVDB-ID: #VU90266
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36934
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Input validation error
EUVDB-ID: #VU94122
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36951
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the event_interrupt_wq_v9() function in drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c, within the event_interrupt_wq_v11() function in drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c, within the event_interrupt_wq_v10() function in drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Race condition within a thread
EUVDB-ID: #VU91426
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35999
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the cifs_pick_channel() function in fs/smb/client/transport.c. A local user can manipulate data.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) NULL pointer dereference
EUVDB-ID: #VU92347
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38551
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the set_card_codec_info() function in sound/soc/mediatek/common/mtk-soundcard-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Use of uninitialized resource
EUVDB-ID: #VU90865
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36903
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __ip6_make_skb() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Out-of-bounds read
EUVDB-ID: #VU90267
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36931
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the crw_inject_write() function in drivers/s390/cio/cio_inject.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Improper Initialization
EUVDB-ID: #VU92382
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38593
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the lan8841_suspend() function in drivers/net/phy/micrel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU90383
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Resource management error
EUVDB-ID: #VU93181
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38607
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Resource management error
EUVDB-ID: #VU92961
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36928
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qeth_free_cq(), qeth_alloc_qdio_queues(), atomic_set(), qeth_free_qdio_queues() and qeth_qdio_poll() functions in drivers/s390/net/qeth_core_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Out-of-bounds read
EUVDB-ID: #VU92330
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38552
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) NULL pointer dereference
EUVDB-ID: #VU93055
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36002
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpll_device_get_by_id(), dpll_pin_registration_find(), dpll_xa_ref_pin_add(), dpll_xa_ref_pin_del(), dpll_xa_ref_dpll_add(), dpll_xa_ref_dpll_del(), EXPORT_SYMBOL_GPL(), __dpll_pin_register(), dpll_pin_register(), dpll_pin_unregister(), dpll_pin_on_pin_register() and dpll_pin_on_pin_unregister() functions in drivers/dpll/dpll_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) NULL pointer dereference
EUVDB-ID: #VU93048
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38605
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_card_new() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Improper locking
EUVDB-ID: #VU92366
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38582
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Use of uninitialized resource
EUVDB-ID: #VU90862
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36933
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Use of obsolete function
EUVDB-ID: #VU94119
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38620
CWE-ID:
CWE-477 - Use of Obsolete Function
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to kernel contains obsolete support for HCI_AMP. A local user can abuse such support, which can lead to potential security issues.
Update the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Use-after-free
EUVDB-ID: #VU90169
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27395
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ovs_ct_limit_exit() function in net/openvswitch/conntrack.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Use-after-free
EUVDB-ID: #VU90168
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27396
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_dellink() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Use-after-free
EUVDB-ID: #VU90058
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the msft_monitor_supported() function in net/bluetooth/msft.h, within the msft_register() function in net/bluetooth/msft.c, within the hci_unregister_dev() and hci_release_dev() functions in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Improper locking
EUVDB-ID: #VU92364
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38591
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the alloc_srqc() and free_srqc() functions in drivers/infiniband/hw/hns/hns_roce_srq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Improper locking
EUVDB-ID: #VU92361
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38597
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Use of uninitialized resource
EUVDB-ID: #VU90975
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36889
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Improper privilege management
EUVDB-ID: #VU93734
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Out-of-bounds read
EUVDB-ID: #VU93402
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38606
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_tl_data() and adf_tl_run() functions in drivers/crypto/intel/qat/qat_common/adf_telemetry.c, within the adf_gen4_init_tl_data() function in drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Improper locking
EUVDB-ID: #VU92369
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38553
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Information disclosure
EUVDB-ID: #VU91322
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36945
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the smc_ib_find_route() function in net/smc/smc_ib.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Buffer overflow
EUVDB-ID: #VU91199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35848
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Improper locking
EUVDB-ID: #VU91440
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36962
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ks8851_dbg_dumpkkt(), ks8851_rx_pkts() and ks8851_irq() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Memory leak
EUVDB-ID: #VU91614
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the remove_device_files() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) NULL pointer dereference
EUVDB-ID: #VU89673
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) NULL pointer dereference
EUVDB-ID: #VU92351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38546
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Use-after-free
EUVDB-ID: #VU92311
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38583
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) NULL pointer dereference
EUVDB-ID: #VU92345
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38573
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() functions in drivers/cpufreq/cppc_cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) NULL pointer dereference
EUVDB-ID: #VU90840
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35850
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qca_debugfs_init() function in drivers/bluetooth/hci_qca.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Resource management error
EUVDB-ID: #VU93390
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38549
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Use-after-free
EUVDB-ID: #VU92312
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38588
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lookup_rec(), ftrace_location_range(), ftrace_process_locs(), ftrace_release_mod() and ftrace_free_mem() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Use-after-free
EUVDB-ID: #VU92313
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38610
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the acrn_vm_memseg_unmap() and acrn_vm_ram_map() functions in drivers/virt/acrn/mm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Buffer overflow
EUVDB-ID: #VU92094
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36917
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Off-by-one
EUVDB-ID: #VU91171
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36957
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) NULL pointer dereference
EUVDB-ID: #VU93263
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35846
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the zswap_shrinker_count() function in mm/zswap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Buffer overflow
EUVDB-ID: #VU92953
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38579
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Buffer overflow
EUVDB-ID: #VU93307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scp_elf_read_ipi_buf_addr() and scp_ipi_init() functions in drivers/remoteproc/mtk_scp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) NULL pointer dereference
EUVDB-ID: #VU91235
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35857
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the icmp_build_probe() function in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) NULL pointer dereference
EUVDB-ID: #VU92349
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38548
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdns_mhdp_atomic_enable() function in drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Race condition
EUVDB-ID: #VU93374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36975
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Improper locking
EUVDB-ID: #VU92010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Buffer overflow
EUVDB-ID: #VU93306
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38542
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the mana_ib_install_cq_cb() function in drivers/infiniband/hw/mana/cq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Buffer overflow
EUVDB-ID: #VU93403
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36948
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the xe_migrate_prepare_vm() and emit_pte() functions in drivers/gpu/drm/xe/xe_migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) NULL pointer dereference
EUVDB-ID: #VU92062
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36011
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hci_le_big_sync_established_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Out-of-bounds read
EUVDB-ID: #VU92329
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38556
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cmd_work_handler(), wait_func() and mlx5_cmd_invoke() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) NULL pointer dereference
EUVDB-ID: #VU91223
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36897
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the construct_integrated_info() function in drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Improper locking
EUVDB-ID: #VU92368
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38557
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the enable_mpesw() and mlx5_lag_add_devices() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c, within the mlx5_disable_lag() and mlx5_do_bond() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c, within the esw_offloads_cleanup(), mlx5_esw_offloads_rep_load(), esw_destroy_offloads_acl_tables() and mlx5_eswitch_reload_reps() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Resource management error
EUVDB-ID: #VU93391
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36890
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/linux/slab.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Improper locking
EUVDB-ID: #VU90736
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the page_cache_ra_order() function in mm/readahead.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Improper locking
EUVDB-ID: #VU92359
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38613
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Out-of-bounds read
EUVDB-ID: #VU90269
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36914
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dm_resume(), get_highest_refresh_rate_mode() and amdgpu_dm_commit_audio() functions in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Improper locking
EUVDB-ID: #VU90749
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35998
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cifs_sync_mid_result() function in fs/smb/client/transport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Improper Initialization
EUVDB-ID: #VU91546
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36958
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the nfsd4_encode_fattr4() function in fs/nfsd/nfs4xdr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Improper locking
EUVDB-ID: #VU92367
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38580
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ep_eventpoll_poll() function in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) NULL pointer dereference
EUVDB-ID: #VU91455
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36896
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the disable_show() and disable_store() functions in drivers/usb/core/port.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) NULL pointer dereference
EUVDB-ID: #VU90379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36891
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mas_empty_area_rev() function in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Improper locking
EUVDB-ID: #VU90734
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36924
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Improper locking
EUVDB-ID: #VU92365
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Improper Initialization
EUVDB-ID: #VU92381
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38592
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the mtk_drm_crtc_create() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Use-after-free
EUVDB-ID: #VU90047
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36904
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Improper locking
EUVDB-ID: #VU90735
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36894
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Improper locking
EUVDB-ID: #VU91503
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36028
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __update_and_free_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) NULL pointer dereference
EUVDB-ID: #VU89897
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36014
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Input validation error
EUVDB-ID: #VU90850
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qca_send_pre_shutdown_cmd(), qca_tlv_check_data() and qca_download_firmware() functions in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Improper locking
EUVDB-ID: #VU91502
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36944
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qxl_fence_wait() function in drivers/gpu/drm/qxl/qxl_release.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Out-of-bounds read
EUVDB-ID: #VU92320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38598
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Improper error handling
EUVDB-ID: #VU93449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36929
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Out-of-bounds read
EUVDB-ID: #VU90272
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Memory leak
EUVDB-ID: #VU89985
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35858
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the umac_init(), bcmasp_tx_poll(), bcmasp_init_tx() and bcmasp_netif_deinit() functions in drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Use-after-free
EUVDB-ID: #VU92307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38555
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Resource management error
EUVDB-ID: #VU93190
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36005
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Memory leak
EUVDB-ID: #VU92293
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38539
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cma_validate_port() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Resource management error
EUVDB-ID: #VU93393
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35994
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXPORT_SYMBOL_GPL() and qcom_scm_qseecom_app_send() functions in drivers/firmware/qcom/qcom_scm.c, within the __array_offs(), qsee_uefi_get_variable(), qsee_uefi_set_variable(), qsee_uefi_get_next_variable() and qsee_uefi_query_variable_info() functions in drivers/firmware/qcom/qcom_qseecom_uefisecapp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Double Free
EUVDB-ID: #VU90886
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36030
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the rvu_npc_freemem() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Use-after-free
EUVDB-ID: #VU90170
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27394
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_ao_connect_init() function in net/ipv4/tcp_ao.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) NULL pointer dereference
EUVDB-ID: #VU90385
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36930
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __spi_sync() function in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) NULL pointer dereference
EUVDB-ID: #VU90529
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36937
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __xdp_do_redirect_frame(), EXPORT_SYMBOL_GPL(), xdp_do_generic_redirect_map() and xdp_do_generic_redirect() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) Use-after-free
EUVDB-ID: #VU92308
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38561
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kunit_try_catch_run() function in lib/kunit/try-catch.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Out-of-bounds read
EUVDB-ID: #VU92322
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38578
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) Information disclosure
EUVDB-ID: #VU91321
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36959
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) Out-of-bounds read
EUVDB-ID: #VU90265
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36935
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ice_debugfs_module_write(), ice_debugfs_nr_messages_write(), ice_debugfs_enable_write() and ice_debugfs_log_size_write() functions in drivers/net/ethernet/intel/ice/ice_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Out-of-bounds read
EUVDB-ID: #VU90273
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36916
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iocg_kick_delay() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) NULL pointer dereference
EUVDB-ID: #VU91222
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Resource management error
EUVDB-ID: #VU93291
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38604
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the blkdev_iomap_begin() function in block/fops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Memory leak
EUVDB-ID: #VU92294
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38554
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) NULL pointer dereference
EUVDB-ID: #VU92343
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38575
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_pcie_provide_random_bytes() and brcmf_pcie_download_fw_nvram() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) Input validation error
EUVDB-ID: #VU93447
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36918
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the test_fail_cases() function in tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c, within the bloom_map_get_next_key() and bloom_map_check_btf() functions in kernel/bpf/bloom_filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Use-after-free
EUVDB-ID: #VU92305
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36979
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_mst_vlan_set_state() and br_mst_set_state() functions in net/bridge/br_mst.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) Use-after-free
EUVDB-ID: #VU90162
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_vregion_rehash() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) Division by zero
EUVDB-ID: #VU92008
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36968
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sco_sock_clear_timer() and sco_conn_add() functions in net/bluetooth/sco.c, within the l2cap_finish_move(), l2cap_rx_state_wait_f() and l2cap_conn_add() functions in net/bluetooth/l2cap_core.c, within the iso_sock_sendmsg() function in net/bluetooth/iso.c, within the hci_cc_read_buffer_size(), hci_cc_le_read_buffer_size(), hci_cs_create_conn(), hci_conn_complete_evt(), hci_conn_request_evt(), hci_cc_le_read_buffer_size_v2(), le_conn_complete_evt(), hci_le_cis_req_evt(), hci_le_big_sync_established_evt() and hci_le_big_info_adv_report_evt() functions in net/bluetooth/hci_event.c, within the hci_conn_add(), hci_conn_add_unset(), hci_connect_le(), hci_add_bis(), hci_connect_le_scan(), hci_connect_acl(), hci_connect_sco(), hci_bind_cis() and hci_iso_qos_setup() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) Input validation error
EUVDB-ID: #VU94117
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38558
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Reachable Assertion
EUVDB-ID: #VU90907
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36000
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Use-after-free
EUVDB-ID: #VU89672
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27398
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
Update the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Input validation error
EUVDB-ID: #VU93676
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35983
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the main() function in kernel/bounds.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Improper locking
EUVDB-ID: #VU93436
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36949
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Improper locking
EUVDB-ID: #VU92360
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38600
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_card_disconnect() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) Improper error handling
EUVDB-ID: #VU92055
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36950
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Buffer overflow
EUVDB-ID: #VU93469
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) Input validation error
EUVDB-ID: #VU94121
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) Double free
EUVDB-ID: #VU90891
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35847
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Race condition
EUVDB-ID: #VU93375
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36905
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) NULL pointer dereference
EUVDB-ID: #VU92346
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38571
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the compute_intercept_slope() function in drivers/thermal/qcom/tsens.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) Incorrect calculation
EUVDB-ID: #VU93612
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36007
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the mlxsw_sp_acl_tcam_vregion_rehash_work(), mlxsw_sp_acl_tcam_rehash_ctx_vregion_changed(), mlxsw_sp_acl_tcam_vchunk_migrate_end(), mlxsw_sp_acl_tcam_vchunk_migrate_one(), mlxsw_sp_acl_tcam_vregion_migrate() and mlxsw_sp_acl_tcam_vregion_rehash_start() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) Double free
EUVDB-ID: #VU90890
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35856
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the btmtk_process_coredump() function in drivers/bluetooth/btmtk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Infinite loop
EUVDB-ID: #VU93063
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38601
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
220) Out-of-bounds read
EUVDB-ID: #VU92324
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38569
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hisi_pcie_pmu_validate_event_group() function in drivers/perf/hisilicon/hisi_pcie_pmu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
221) Buffer overflow
EUVDB-ID: #VU93802
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38617
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_ALLOC_SIZE_TEST_PAIR() function in lib/fortify_kunit.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
222) Input validation error
EUVDB-ID: #VU94125
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35988
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/riscv/include/asm/pgtable.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
223) Resource management error
EUVDB-ID: #VU93472
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35989
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the perf_event_cpu_offline() function in drivers/dma/idxd/perfmon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
224) Buffer overflow
EUVDB-ID: #VU93665
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35993
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __clear_hugetlb_destructor(), add_hugetlb_folio(), __prep_new_hugetlb_folio() and prep_compound_gigantic_folio_for_demote() functions in mm/hugetlb.c, within the crash_save_vmcoreinfo_init() function in kernel/crash_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
225) NULL pointer dereference
EUVDB-ID: #VU90380
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36893
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svdm_consume_identity(), tcpm_register_partner_altmodes(), tcpm_init_vconn(), tcpm_typec_connect(), tcpm_typec_disconnect() and tcpm_pwr_opmode_to_rp() functions in drivers/usb/typec/tcpm/tcpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
226) NULL pointer dereference
EUVDB-ID: #VU91224
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36901
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-lowlatency to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-raspi (Ubuntu package): before 6.8.0-1009.10
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency-64k (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-40-lowlatency (Ubuntu package): before 6.8.0-40.40.1
linux-image-6.8.0-1009-raspi (Ubuntu package): before 6.8.0-1009.10
External linkshttp://ubuntu.com/security/notices/USN-6949-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
