Ubuntu update for linux-oracle



Risk Medium
Patch available YES
Number of vulnerabilities 18
CVE-ID CVE-2024-22099
CVE-2024-24860
CVE-2024-26903
CVE-2024-35835
CVE-2023-52644
CVE-2024-39292
CVE-2024-36940
CVE-2024-26600
CVE-2023-52629
CVE-2024-35955
CVE-2023-52760
CVE-2023-52806
CVE-2024-39484
CVE-2024-26679
CVE-2024-26654
CVE-2024-36901
CVE-2024-26687
CVE-2023-52470
CWE-ID CWE-476
CWE-362
CWE-415
CWE-835
CWE-399
CWE-416
CWE-401
CWE-667
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-4.15.0-1134-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle-lts-18.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 18 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU87192

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-22099

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU86580

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-24860

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the {min,max}_key_size_set() function in the Linux kernel bluetooth device driver. A remote attacker with physical proximity to device can send specially crafted packets to the system and crash the kernel.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU92070

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26903

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Double free

EUVDB-ID: #VU90923

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35835

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Infinite loop

EUVDB-ID: #VU93068

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52644

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU93178

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39292

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the register_winch_irq() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Double Free

EUVDB-ID: #VU90885

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36940

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU89249

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26600

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU90221

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52629

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the switch_drv_remove() function in arch/sh/drivers/push-switch.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU90145

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35955

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU90067

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52760

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the spin_unlock() function in fs/gfs2/super.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) NULL pointer dereference

EUVDB-ID: #VU92064

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52806

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the snd_hdac_stream_assign() function in sound/hda/hdac_stream.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Memory leak

EUVDB-ID: #VU93818

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39484

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the davinci_mmcsd_remove() and __exit_p() functions in drivers/mmc/host/davinci_mmc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper locking

EUVDB-ID: #VU92044

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26679

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Race condition

EUVDB-ID: #VU88148

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26654

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in sound/sh/aica.c. A local user can exploit the race and escalate privileges on the system.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU91224

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36901

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ip6_output() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper locking

EUVDB-ID: #VU92043

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26687

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU92074

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52470

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oracle to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 18.04

linux-image-4.15.0-1134-oracle (Ubuntu package): before Ubuntu Pro

linux-image-oracle-lts-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

CPE2.3 External links

http://ubuntu.com/security/notices/USN-6972-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###