Ubuntu update for linux-hwe-5.15
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 50 |
| CVE-ID | CVE-2024-36883 CVE-2024-36940 CVE-2024-36902 CVE-2024-36975 CVE-2024-36964 CVE-2024-36938 CVE-2024-36931 CVE-2024-35848 CVE-2024-26900 CVE-2024-36967 CVE-2024-36904 CVE-2024-27398 CVE-2024-36031 CVE-2023-52585 CVE-2024-36886 CVE-2024-36937 CVE-2024-36954 CVE-2024-36916 CVE-2024-36905 CVE-2024-36959 CVE-2024-26980 CVE-2024-26936 CVE-2024-36928 CVE-2024-36889 CVE-2024-36929 CVE-2024-36933 CVE-2024-27399 CVE-2024-36946 CVE-2024-36906 CVE-2024-36965 CVE-2024-36957 CVE-2024-36941 CVE-2024-36897 CVE-2024-36952 CVE-2024-36947 CVE-2024-36950 CVE-2024-36880 CVE-2024-36017 CVE-2023-52882 CVE-2024-36969 CVE-2024-38600 CVE-2024-36955 CVE-2024-36960 CVE-2024-27401 CVE-2024-36919 CVE-2024-36934 CVE-2024-35947 CVE-2024-36953 CVE-2024-36944 CVE-2024-36939 |
| CWE-ID | CWE-125 CWE-415 CWE-476 CWE-362 CWE-269 CWE-119 CWE-401 CWE-416 CWE-20 CWE-200 CWE-399 CWE-908 CWE-388 CWE-193 CWE-369 CWE-667 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-virtual-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04d (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04c (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04b (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k-hwe-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-118-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-118-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.15.0-118-generic (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 50 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU90272
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Double Free
EUVDB-ID: #VU90885
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36940
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU91222
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36902
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Race condition
EUVDB-ID: #VU93374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36975
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper privilege management
EUVDB-ID: #VU93734
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36964
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU90383
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36938
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/skmsg.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU90267
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36931
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the crw_inject_write() function in drivers/s390/cio/cio_inject.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU91199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35848
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU90468
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26900
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory leak
EUVDB-ID: #VU91561
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36967
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90047
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36904
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU89672
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27398
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU94121
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU91241
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52585
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_query_error_status_helper() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU90049
Risk: High
CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36886
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU90529
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36937
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __xdp_do_redirect_frame(), EXPORT_SYMBOL_GPL(), xdp_do_generic_redirect_map() and xdp_do_generic_redirect() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU90431
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU90273
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36916
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iocg_kick_delay() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Race condition
EUVDB-ID: #VU93375
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36905
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Information disclosure
EUVDB-ID: #VU91321
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36959
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU90320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26980
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __handle_ksmbd_work() function in fs/smb/server/server.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU90322
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26936
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_allocate_rsp_buf() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Resource management error
EUVDB-ID: #VU92961
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36928
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qeth_free_cq(), qeth_alloc_qdio_queues(), atomic_set(), qeth_free_qdio_queues() and qeth_qdio_poll() functions in drivers/s390/net/qeth_core_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use of uninitialized resource
EUVDB-ID: #VU90975
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36889
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper error handling
EUVDB-ID: #VU93449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36929
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use of uninitialized resource
EUVDB-ID: #VU90862
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36933
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) NULL pointer dereference
EUVDB-ID: #VU89673
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27399
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU93469
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36946
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds read
EUVDB-ID: #VU90271
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36906
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ENDPROC() function in arch/arm/kernel/sleep.S. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU93307
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scp_elf_read_ipi_buf_addr() and scp_ipi_init() functions in drivers/remoteproc/mtk_scp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Off-by-one
EUVDB-ID: #VU91171
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36957
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) NULL pointer dereference
EUVDB-ID: #VU90528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36941
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU91223
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36897
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the construct_integrated_info() function in drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Race condition
EUVDB-ID: #VU91463
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36952
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Memory leak
EUVDB-ID: #VU91614
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the remove_device_files() function in drivers/infiniband/hw/qib/qib_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper error handling
EUVDB-ID: #VU92055
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36950
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Input validation error
EUVDB-ID: #VU90850
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the qca_send_pre_shutdown_cmd(), qca_tlv_check_data() and qca_download_firmware() functions in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU93081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36017
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Input validation error
EUVDB-ID: #VU93673
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52882
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Division by zero
EUVDB-ID: #VU91563
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36969
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the setup_dsc_config() function in drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper locking
EUVDB-ID: #VU92360
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38600
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the snd_card_disconnect() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Memory leak
EUVDB-ID: #VU91613
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36955
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the is_link_enabled() function in sound/hda/intel-sdw-acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU90819
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36960
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Buffer overflow
EUVDB-ID: #VU89675
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU92010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36919
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Out-of-bounds read
EUVDB-ID: #VU90266
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36934
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper error handling
EUVDB-ID: #VU93468
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35947
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.
Update the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper error handling
EUVDB-ID: #VU93450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36953
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU91502
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36944
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qxl_fence_wait() function in drivers/gpu/drm/qxl/qxl_release.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper error handling
EUVDB-ID: #VU92054
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36939
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-hwe-5.15 to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04d (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04c (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04b (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-oem-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.118.128~20.04.1
linux-image-5.15.0-118-generic-lpae (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic-64k (Ubuntu package): before 5.15.0-118.128~20.04.1
linux-image-5.15.0-118-generic (Ubuntu package): before 5.15.0-118.128~20.04.1
External linkshttp://ubuntu.com/security/notices/USN-6950-4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
