Ubuntu update for linux-nvidia
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 219 |
| CVE-ID | CVE-2024-23848 CVE-2024-40902 CVE-2024-40963 CVE-2024-40994 CVE-2024-36481 CVE-2024-39301 CVE-2024-38390 CVE-2024-40976 CVE-2024-40934 CVE-2024-40916 CVE-2024-39298 CVE-2024-38659 CVE-2024-38384 CVE-2024-38635 CVE-2024-39494 CVE-2024-40926 CVE-2024-40956 CVE-2024-40948 CVE-2024-40920 CVE-2024-38624 CVE-2024-39498 CVE-2024-38780 CVE-2024-39503 CVE-2024-40919 CVE-2024-39505 CVE-2024-40988 CVE-2024-36972 CVE-2024-36974 CVE-2024-39495 CVE-2024-40992 CVE-2024-36015 CVE-2024-38618 CVE-2024-39478 CVE-2024-40975 CVE-2024-39507 CVE-2024-39479 CVE-2024-39291 CVE-2024-40925 CVE-2024-39493 CVE-2024-41005 CVE-2024-40932 CVE-2024-39467 CVE-2024-40973 CVE-2024-38634 CVE-2024-34027 CVE-2024-39462 CVE-2024-40949 CVE-2024-40908 CVE-2024-40929 CVE-2024-38662 CVE-2024-39489 CVE-2024-40953 CVE-2024-38306 CVE-2024-40915 CVE-2024-39470 CVE-2024-40969 CVE-2024-31076 CVE-2024-38663 CVE-2024-38629 CVE-2024-38633 CVE-2024-40959 CVE-2024-39475 CVE-2024-40947 CVE-2024-40971 CVE-2024-40979 CVE-2024-40996 CVE-2024-36484 CVE-2024-40960 CVE-2022-48772 CVE-2024-33619 CVE-2024-40923 CVE-2024-41006 CVE-2024-39474 CVE-2024-40944 CVE-2024-39473 CVE-2024-39469 CVE-2024-40914 CVE-2024-40900 CVE-2023-52884 CVE-2024-40931 CVE-2024-38664 CVE-2024-41004 CVE-2024-38636 CVE-2024-41001 CVE-2024-39497 CVE-2024-40974 CVE-2024-42078 CVE-2024-40954 CVE-2024-39483 CVE-2024-40978 CVE-2024-40952 CVE-2024-39481 CVE-2024-40955 CVE-2024-39471 CVE-2024-41000 CVE-2024-40972 CVE-2024-40957 CVE-2024-40913 CVE-2024-36478 CVE-2024-40984 CVE-2024-40990 CVE-2024-39510 CVE-2024-38381 CVE-2024-39277 CVE-2024-39464 CVE-2024-40995 CVE-2024-40905 CVE-2024-40986 CVE-2024-36971 CVE-2024-39480 CVE-2024-40938 CVE-2024-39509 CVE-2024-40982 CVE-2024-39500 CVE-2024-37026 CVE-2024-40965 CVE-2024-40961 CVE-2024-40989 CVE-2024-36973 CVE-2024-39504 CVE-2024-37354 CVE-2024-39488 CVE-2024-38661 CVE-2024-40998 CVE-2024-36489 CVE-2024-37021 CVE-2024-40917 CVE-2024-36281 CVE-2024-40964 CVE-2024-39496 CVE-2024-40980 CVE-2024-39465 CVE-2024-40983 CVE-2024-40936 CVE-2024-40899 CVE-2024-40933 CVE-2024-36288 CVE-2024-36286 CVE-2024-40987 CVE-2024-40939 CVE-2024-38667 CVE-2024-38628 CVE-2024-40977 CVE-2024-39276 CVE-2024-40941 CVE-2024-39491 CVE-2024-37078 CVE-2024-36978 CVE-2024-38623 CVE-2024-40962 CVE-2024-40935 CVE-2024-40997 CVE-2024-40981 CVE-2024-40922 CVE-2024-39461 CVE-2024-40999 CVE-2024-40918 CVE-2024-40927 CVE-2024-42148 CVE-2024-39371 CVE-2024-40985 CVE-2024-34030 CVE-2024-39485 CVE-2024-39296 CVE-2024-39466 CVE-2024-40909 CVE-2024-39492 CVE-2024-39502 CVE-2024-40903 CVE-2024-41040 CVE-2024-40968 CVE-2024-41003 CVE-2024-39499 CVE-2024-39508 CVE-2024-34777 CVE-2024-38627 CVE-2024-40930 CVE-2024-38388 CVE-2024-39490 CVE-2024-40906 CVE-2024-40940 CVE-2024-40937 CVE-2024-40911 CVE-2024-38385 CVE-2024-36244 CVE-2024-38622 CVE-2024-40958 CVE-2024-41002 CVE-2024-38621 CVE-2024-40970 CVE-2024-40904 CVE-2024-40928 CVE-2024-40967 CVE-2024-40951 CVE-2024-38637 CVE-2024-37356 CVE-2024-39463 CVE-2024-40912 CVE-2024-33847 CVE-2024-39468 CVE-2024-40942 CVE-2024-40910 CVE-2024-38625 CVE-2024-35247 CVE-2024-36479 CVE-2024-40943 CVE-2024-32936 CVE-2024-38630 CVE-2024-39501 CVE-2024-40966 CVE-2024-40921 CVE-2024-40924 CVE-2024-39506 CVE-2024-36270 CVE-2024-33621 CVE-2024-40945 CVE-2024-40901 CVE-2024-38632 CVE-2024-38619 |
| CWE-ID | CWE-416 CWE-119 CWE-20 CWE-190 CWE-388 CWE-908 CWE-476 CWE-362 CWE-401 CWE-667 CWE-399 CWE-125 CWE-835 CWE-252 CWE-665 CWE-369 CWE-617 CWE-415 |
| Exploitation vector | Local |
| Public exploit | Vulnerability #109 is being exploited in the wild. |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-nvidia-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1013-nvidia-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1013-nvidia (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 219 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU91600
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23848
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU94296
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU94318
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40963
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bcm6358_quirks() function in arch/mips/bmips/setup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Integer overflow
EUVDB-ID: #VU94294
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40994
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper error handling
EUVDB-ID: #VU93079
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36481
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the parse_btf_field() function in kernel/trace/trace_probe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use of uninitialized resource
EUVDB-ID: #VU93337
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39301
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU93031
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38390
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the a6xx_gpu_init() function in drivers/gpu/drm/msm/adreno/a6xx_gpu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Race condition
EUVDB-ID: #VU94297
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40976
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lima_sched_timedout_job() function in drivers/gpu/drm/lima/lima_sched.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU94205
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40934
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the logi_dj_recv_switch_to_dj_mode() function in drivers/hid/hid-logitech-dj.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper locking
EUVDB-ID: #VU94281
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40916
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hdmi_get_modes() function in drivers/gpu/drm/exynos/exynos_hdmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource management error
EUVDB-ID: #VU93339
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39298
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the me_huge_page() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU93080
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38659
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Infinite loop
EUVDB-ID: #VU93130
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38384
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __blkcg_rstat_flush() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU93027
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38635
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU94223
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39494
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use of uninitialized resource
EUVDB-ID: #VU94292
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40926
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nouveau_display_hpd_resume(), nouveau_display_fini() and nouveau_display_create() functions in drivers/gpu/drm/nouveau/nouveau_display.c, within the nv50_display_fini() function in drivers/gpu/drm/nouveau/dispnv50/disp.c, within the nv04_display_fini() function in drivers/gpu/drm/nouveau/dispnv04/disp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU94216
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40956
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the irq_process_work_list() function in drivers/dma/idxd/irq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Input validation error
EUVDB-ID: #VU94286
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the page_table_check_clear(), page_table_check_set() and __page_table_check_zero() functions in mm/page_table_check.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU94221
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40920
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the br_mst_set_state() function in net/bridge/br_mst.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Integer overflow
EUVDB-ID: #VU93059
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38624
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the log_read_rst() function in fs/ntfs3/fslog.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU94251
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39498
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv50_msto_cleanup() function in drivers/gpu/drm/nouveau/dispnv50/disp.c, within the intel_mst_enable_dp() function in drivers/gpu/drm/i915/display/intel_dp_mst.c, within the EXPORT_SYMBOL() function in drivers/gpu/drm/display/drm_dp_mst_topology.c, within the dm_helpers_dp_mst_send_payload_allocation() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper locking
EUVDB-ID: #VU93034
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38780
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU94230
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39503
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the list_set_kadd(), list_set_kdel(), list_set_utest(), list_set_uadd(), list_set_udel() and list_set_destroy() functions in net/netfilter/ipset/ip_set_list_set.c, within the call_rcu(), ip_set_destroy() and ip_set_net_init() functions in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) NULL pointer dereference
EUVDB-ID: #VU94254
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40919
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __hwrm_send() function in drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU94259
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39505
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Resource management error
EUVDB-ID: #VU94308
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40988
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU91664
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36972
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the queue_oob(), unix_stream_recv_urg() and manage_oob() functions in net/unix/af_unix.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Input validation error
EUVDB-ID: #VU93310
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the taprio_parse_mqprio_opt() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU94232
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39495
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gb_interface_release() function in drivers/greybus/interface.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU94302
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40992
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rxe_resp_check_length() function in drivers/infiniband/sw/rxe/rxe_resp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Unchecked Return Value
EUVDB-ID: #VU89896
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36015
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Input validation error
EUVDB-ID: #VU92371
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38618
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Buffer overflow
EUVDB-ID: #VU93829
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39478
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the starfive_rsa_enc_core() function in drivers/crypto/starfive/jh7110-rsa.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Resource management error
EUVDB-ID: #VU94306
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40975
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the x86_android_tablet_remove() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper locking
EUVDB-ID: #VU94284
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39507
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hclge_push_link_status(), hclge_update_link_status(), hclge_uninit_need_wait() and hclge_uninit_client_instance() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use-after-free
EUVDB-ID: #VU93819
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39479
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i915_hwmon_register() function in drivers/gpu/drm/i915/i915_hwmon.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Buffer overflow
EUVDB-ID: #VU93129
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39291
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the gfx_v9_4_3_init_microcode() function in drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper Initialization
EUVDB-ID: #VU94298
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40925
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the blk_flush_complete_seq() and flush_end_io() functions in block/blk-flush.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Memory leak
EUVDB-ID: #VU94086
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39493
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper locking
EUVDB-ID: #VU94264
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41005
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Memory leak
EUVDB-ID: #VU94204
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40932
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU93325
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39467
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) NULL pointer dereference
EUVDB-ID: #VU94241
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40973
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_vcodec_fw_scp_init() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper locking
EUVDB-ID: #VU93038
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38634
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU93125
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34027
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_release_compress_blocks() and f2fs_reserve_compress_blocks() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Out-of-bounds read
EUVDB-ID: #VU93324
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39462
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the clk_dvp_probe() function in drivers/clk/bcm/clk-bcm2711-dvp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper locking
EUVDB-ID: #VU94263
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40949
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shmem_replace_folio() function in mm/shmem.c, within the __mem_cgroup_uncharge_folios() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Input validation error
EUVDB-ID: #VU94316
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40908
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __bpf_prog_test_run_raw_tp() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Out-of-bounds read
EUVDB-ID: #VU94234
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40929
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper locking
EUVDB-ID: #VU93033
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38662
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Memory leak
EUVDB-ID: #VU94084
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39489
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Out-of-bounds read
EUVDB-ID: #VU94236
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40953
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) NULL pointer dereference
EUVDB-ID: #VU93328
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38306
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the grab_extent_buffer(), check_eb_alignment(), filemap_add_folio(), __free_page(), alloc_extent_buffer() and folio_size() functions in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Use-after-free
EUVDB-ID: #VU94222
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40915
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the set_direct_map_default_noflush() function in arch/riscv/mm/pageattr.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) NULL pointer dereference
EUVDB-ID: #VU93332
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39470
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the eventfs_find_events() function in fs/tracefs/event_inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improper locking
EUVDB-ID: #VU94273
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40969
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_handle_critical_error() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Memory leak
EUVDB-ID: #VU93016
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Buffer overflow
EUVDB-ID: #VU93132
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38663
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the spin_unlock_irq(), blkcg_reset_stats() and blkg_conf_exit() functions in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Use-after-free
EUVDB-ID: #VU93070
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38629
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the idxd_wq_del_cdev() function in drivers/dma/idxd/cdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) NULL pointer dereference
EUVDB-ID: #VU93032
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38633
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) NULL pointer dereference
EUVDB-ID: #VU94246
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40959
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Division by zero
EUVDB-ID: #VU93828
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39475
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use-after-free
EUVDB-ID: #VU94218
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40947
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smack_post_notification() function in security/smack/smack_lsm.c, within the selinux_audit_rule_free() and selinux_audit_rule_init() functions in security/selinux/ss/services.c, within the security_key_getsecurity() function in security/security.c, within the ima_free_rule(), ima_lsm_copy_rule(), ima_lsm_update_rule() and ima_lsm_rule_init() functions in security/integrity/ima/ima_policy.c, within the aa_audit_rule_free() and aa_audit_rule_init() functions in security/apparmor/audit.c, within the audit_data_to_entry() and audit_dupe_lsm_field() functions in kernel/auditfilter.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Input validation error
EUVDB-ID: #VU94323
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40971
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the default_options() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Memory leak
EUVDB-ID: #VU94208
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40979
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ath12k_qmi_free_target_mem_chunk(), ath12k_qmi_alloc_target_mem_chunk() and ath12k_qmi_m3_load() functions in drivers/net/wireless/ath/ath12k/qmi.c, within the ath12k_core_reset() function in drivers/net/wireless/ath/ath12k/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Buffer overflow
EUVDB-ID: #VU94303
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40996
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Reachable assertion
EUVDB-ID: #VU93039
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36484
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) NULL pointer dereference
EUVDB-ID: #VU94245
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40960
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU93327
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48772
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Use of uninitialized resource
EUVDB-ID: #VU93041
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33619
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the efi_free() function in drivers/firmware/efi/libstub/fdt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Improper error handling
EUVDB-ID: #VU94290
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40923
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vmxnet3_rq_destroy_all_rxdataring() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Memory leak
EUVDB-ID: #VU94213
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41006
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) NULL pointer dereference
EUVDB-ID: #VU93823
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39474
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vm_area_alloc_pages() function in mm/vmalloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Input validation error
EUVDB-ID: #VU94317
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40944
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the machine_kexec_cleanup() and machine_kexec() functions in arch/x86/kernel/machine_kexec_64.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) NULL pointer dereference
EUVDB-ID: #VU93822
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39473
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sof_ipc4_get_input_pin_audio_fmt() function in sound/soc/sof/ipc4-topology.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Improper error handling
EUVDB-ID: #VU93336
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39469
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Improper error handling
EUVDB-ID: #VU94291
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40914
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Use-after-free
EUVDB-ID: #VU94226
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40900
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_flush_reqs() function in fs/cachefiles/daemon.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Improper locking
EUVDB-ID: #VU93035
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52884
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cyapa_suspend() and cyapa_resume() functions in drivers/input/mouse/cyapa.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Use of uninitialized resource
EUVDB-ID: #VU94293
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40931
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Improper locking
EUVDB-ID: #VU93127
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38664
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the zynqmp_dpsub_probe() and zynqmp_dpsub_remove() functions in drivers/gpu/drm/xlnx/zynqmp_dpsub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Improper locking
EUVDB-ID: #VU94265
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41004
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the kernel/trace/Kconfig. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Buffer overflow
EUVDB-ID: #VU93237
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38636
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the f2fs_iomap_begin() function in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Memory leak
EUVDB-ID: #VU94211
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41001
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the io_sq_thread() function in io_uring/sqpoll.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Buffer overflow
EUVDB-ID: #VU94313
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39497
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Buffer overflow
EUVDB-ID: #VU94301
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40974
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Use of uninitialized resource
EUVDB-ID: #VU95032
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42078
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nfsd_create_serv() function in fs/nfsd/nfssvc.c, within the nfsd_net_init() function in fs/nfsd/nfsctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Use-after-free
EUVDB-ID: #VU94217
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40954
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sk_common_release() function in net/core/sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Improper locking
EUVDB-ID: #VU93825
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39483
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the svm_enable_nmi_window() function in arch/x86/kvm/svm/svm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Resource management error
EUVDB-ID: #VU94299
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40978
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) NULL pointer dereference
EUVDB-ID: #VU94248
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40952
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_journal_dirty() function in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Input validation error
EUVDB-ID: #VU93831
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39481
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the media_pipeline_explore_next_link() function in drivers/media/mc/mc-entity.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Out-of-bounds read
EUVDB-ID: #VU94237
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40955
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the EXT4_ATTR_FUNC(), ext4_attr_show() and ext4_attr_store() functions in fs/ext4/sysfs.c, within the mb_avg_fragment_size_order() and ext4_mb_choose_next_group_best_avail() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Out-of-bounds read
EUVDB-ID: #VU93326
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39471
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Integer overflow
EUVDB-ID: #VU94295
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41000
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the blkpg_do_ioctl() function in block/ioctl.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Improper locking
EUVDB-ID: #VU94272
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40972
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_xattr_set_entry(), iput(), ext4_xattr_block_set() and ext4_xattr_ibody_set() functions in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) NULL pointer dereference
EUVDB-ID: #VU94247
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40957
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the input_action_end_dx6() and input_action_end_dx4() functions in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Use-after-free
EUVDB-ID: #VU94214
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40913
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_req_put(), cachefiles_ondemand_restore(), cachefiles_ondemand_get_fd() and cachefiles_ondemand_daemon_read() functions in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) NULL pointer dereference
EUVDB-ID: #VU93029
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36478
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nullb_update_nr_hw_queues(), nullb_device_power_store(), null_add_dev() and null_create_dev() functions in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) NULL pointer dereference
EUVDB-ID: #VU94239
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Input validation error
EUVDB-ID: #VU94325
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_ib_create_srq() function in drivers/infiniband/hw/mlx5/srq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Use-after-free
EUVDB-ID: #VU94228
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39510
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_ondemand_daemon_read() function in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Use of uninitialized resource
EUVDB-ID: #VU93042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38381
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Out-of-bounds read
EUVDB-ID: #VU93023
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39277
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_map_benchmark() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) NULL pointer dereference
EUVDB-ID: #VU93330
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39464
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the v4l2_async_nf_init() and v4l2_async_subdev_nf_init() functions in drivers/media/v4l2-core/v4l2-async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Improper locking
EUVDB-ID: #VU94267
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) NULL pointer dereference
EUVDB-ID: #VU94257
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_get_pcpu_route() function in net/ipv6/route.c, within the __fib6_drop_pcpu_from() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Improper locking
EUVDB-ID: #VU94268
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40986
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xdma_channel_isr() function in drivers/dma/xilinx/xdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Use-after-free
EUVDB-ID: #VU91597
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2024-36971
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
Update the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
110) Buffer overflow
EUVDB-ID: #VU93827
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39480
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Input validation error
EUVDB-ID: #VU94320
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40938
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the current_check_refer_path() function in security/landlock/fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Resource management error
EUVDB-ID: #VU94310
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39509
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the implement() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) NULL pointer dereference
EUVDB-ID: #VU94240
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40982
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ssb_bus_match() function in drivers/ssb/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) NULL pointer dereference
EUVDB-ID: #VU94262
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39500
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sock_map_close() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Improper locking
EUVDB-ID: #VU93126
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37026
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xe_migrate_prepare_vm(), xe_migrate_usm_logical_mask() and xe_migrate_init() functions in drivers/gpu/drm/xe/xe_migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Improper locking
EUVDB-ID: #VU94276
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40965
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU94244
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40961
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fib6_nh_init() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Input validation error
EUVDB-ID: #VU94324
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40989
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vgic_v3_free_redist_region() and vgic_v3_set_redist_base() functions in arch/arm64/kvm/vgic/vgic-mmio-v3.c, within the kvm_vgic_dist_destroy() function in arch/arm64/kvm/vgic/vgic-init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Double free
EUVDB-ID: #VU92208
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36973
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gp_aux_bus_probe(), auxiliary_device_uninit() and kfree() functions in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) NULL pointer dereference
EUVDB-ID: #VU94260
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39504
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nft_payload_inner_init() function in net/netfilter/nft_payload.c, within the nft_meta_inner_init() function in net/netfilter/nft_meta.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Race condition
EUVDB-ID: #VU93373
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37354
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Improper error handling
EUVDB-ID: #VU94087
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39488
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Improper locking
EUVDB-ID: #VU93333
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38661
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Improper locking
EUVDB-ID: #VU94266
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40998
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ext4_fill_super() function in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) NULL pointer dereference
EUVDB-ID: #VU93030
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36489
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) NULL pointer dereference
EUVDB-ID: #VU93124
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37021
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ATTRIBUTE_GROUPS(), fpga_mgr_dev_match(), EXPORT_SYMBOL_GPL(), fpga_mgr_unlock(), fpga_mgr_register_full(), ERR_PTR(), fpga_mgr_register(), devm_fpga_mgr_unregister(), devm_fpga_mgr_register_full() and devm_fpga_mgr_register() functions in drivers/fpga/fpga-mgr.c, within the fpga_mgr_register() and fpga_mgr_register_full() functions in Documentation/driver-api/fpga/fpga-mgr.rst. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) NULL pointer dereference
EUVDB-ID: #VU94255
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40917
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the memblock_set_node() function in mm/memblock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Memory leak
EUVDB-ID: #VU93017
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36281
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) NULL pointer dereference
EUVDB-ID: #VU94242
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40964
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cs35l41_hda_unbind() function in sound/pci/hda/cs35l41_hda.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Use-after-free
EUVDB-ID: #VU94231
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39496
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_load_zone_info() function in fs/btrfs/zoned.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Improper locking
EUVDB-ID: #VU94270
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40980
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Resource management error
EUVDB-ID: #VU93340
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39465
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mgb4_remove() function in drivers/media/pci/mgb4/mgb4_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Resource management error
EUVDB-ID: #VU94304
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40983
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Memory leak
EUVDB-ID: #VU94206
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40936
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the devm_cxl_add_region() and __create_region() functions in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Use-after-free
EUVDB-ID: #VU94227
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40899
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_req_put(), cachefiles_ondemand_daemon_read() and cachefiles_ondemand_send_req() functions in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) NULL pointer dereference
EUVDB-ID: #VU94238
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40933
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx90635_probe() function in drivers/iio/temperature/mlx90635.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Infinite loop
EUVDB-ID: #VU93062
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36288
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the gss_read_proxy_verf() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Improper locking
EUVDB-ID: #VU93036
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36286
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Resource management error
EUVDB-ID: #VU94307
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40987
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Input validation error
EUVDB-ID: #VU94321
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40939
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ipc_devlink_create_region() function in drivers/net/wwan/iosm/iosm_ipc_devlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Buffer overflow
EUVDB-ID: #VU93168
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38667
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the cpu_update_secondary_bootdata() function in arch/riscv/kernel/cpu_ops_spinwait.c, within the sbi_cpu_start() function in arch/riscv/kernel/cpu_ops_sbi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Improper locking
EUVDB-ID: #VU93037
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38628
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the free_ep_fback(), u_audio_set_volume(), u_audio_set_mute() and g_audio_setup() functions in drivers/usb/gadget/function/u_audio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Improper locking
EUVDB-ID: #VU94271
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40977
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mt76s_tx_status_data() function in drivers/net/wireless/mediatek/mt76/sdio.c, within the mt7921s_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c, within the mt7921e_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/pci_mac.c, within the mt7921_mac_reset_work() function in drivers/net/wireless/mediatek/mt76/mt7921/mac.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Memory leak
EUVDB-ID: #VU93320
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39276
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Buffer overflow
EUVDB-ID: #VU94315
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40941
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Improper error handling
EUVDB-ID: #VU94088
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39491
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the cs35l56_hda_unbind(), cs35l56_hda_common_probe() and cs35l56_hda_remove() functions in sound/pci/hda/cs35l56_hda.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Improper locking
EUVDB-ID: #VU93342
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37078
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Out-of-bounds read
EUVDB-ID: #VU92332
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36978
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Buffer overflow
EUVDB-ID: #VU93236
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38623
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the fs/ntfs3/ntfs.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) NULL pointer dereference
EUVDB-ID: #VU94243
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40962
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btrfs_submit_chunk() function in fs/btrfs/bio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Use-after-free
EUVDB-ID: #VU94219
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40935
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cachefiles_daemon_open() function in fs/cachefiles/daemon.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Memory leak
EUVDB-ID: #VU94210
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40997
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amd_pstate_epp_cpu_exit() function in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Improper locking
EUVDB-ID: #VU94269
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40981
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Improper locking
EUVDB-ID: #VU94279
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40922
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the io_rsrc_ref_quiesce() function in io_uring/rsrc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Out-of-bounds read
EUVDB-ID: #VU93323
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39461
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the raspberrypi_discover_clocks() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Input validation error
EUVDB-ID: #VU94287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40999
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ena_com_cdesc_rx_pkt_get() and ena_com_rx_pkt() functions in drivers/net/ethernet/amazon/ena/ena_eth_com.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Improper locking
EUVDB-ID: #VU94280
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40918
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the PTR_PAGE_ALIGN_DOWN(), __flush_cache_page(), flush_icache_pages(), pte_needs_flush(), flush_dcache_folio(), purge_kernel_dcache_page_asm(), copy_user_highpage(), __flush_tlb_range(), flush_cache_range(), flush_anon_page() and invalidate_kernel_vmap_range() functions in arch/parisc/kernel/cache.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Use-after-free
EUVDB-ID: #VU94220
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40927
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xhci_invalidate_cancelled_tds() and xhci_handle_cmd_set_deq() functions in drivers/usb/host/xhci-ring.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Out-of-bounds read
EUVDB-ID: #VU94952
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42148
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) NULL pointer dereference
EUVDB-ID: #VU93329
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39371
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the io_ring_buffer_select() function in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Memory leak
EUVDB-ID: #VU94209
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40985
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcp_ao_info_cmd() function in net/ipv4/tcp_ao.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) NULL pointer dereference
EUVDB-ID: #VU93121
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34030
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_pci_prop_intr_map() function in drivers/pci/of_property.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Use of uninitialized resource
EUVDB-ID: #VU93826
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39485
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __v4l2_async_nf_unregister() function in drivers/media/v4l2-core/v4l2-async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Resource management error
EUVDB-ID: #VU93338
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39296
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bonding_init() and bonding_exit() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) NULL pointer dereference
EUVDB-ID: #VU93331
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39466
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lmh_probe() function in drivers/thermal/qcom/lmh.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Use-after-free
EUVDB-ID: #VU94224
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40909
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bpf_obj_get(), bpf_link_defer_dealloc_mult_rcu_gp() and bpf_link_free() functions in kernel/bpf/syscall.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Resource management error
EUVDB-ID: #VU94089
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39492
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cmdq_mbox_shutdown() function in drivers/mailbox/mtk-cmdq-mailbox.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) NULL pointer dereference
EUVDB-ID: #VU94261
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39502
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ionic_qcq_enable() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Use-after-free
EUVDB-ID: #VU94225
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40903
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcpm_register_sink_caps() function in drivers/usb/typec/tcpm/tcpm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Use-after-free
EUVDB-ID: #VU94949
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41040
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the net/sched/act_ct.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Input validation error
EUVDB-ID: #VU94319
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40968
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Resource management error
EUVDB-ID: #VU94309
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41003
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the check_cond_jmp_op() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Memory leak
EUVDB-ID: #VU94201
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39499
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Use-after-free
EUVDB-ID: #VU94229
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39508
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the WORKER_IDLE_TIMEOUT(), io_work_get_acct(), io_worker_exit(), io_wq_dec_running(), __io_worker_busy(), io_wq_worker(), io_wq_worker_running(), io_wq_worker_sleeping(), io_init_new_worker(), init_completion() and io_wq_work_match_item() functions in io_uring/io-wq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Input validation error
EUVDB-ID: #VU93172
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-34777
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the map_benchmark_ioctl() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Double free
EUVDB-ID: #VU93040
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38627
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Input validation error
EUVDB-ID: #VU94285
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40930
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cfg80211_6ghz_power_type_valid() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Memory leak
EUVDB-ID: #VU93018
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38388
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wmfw_convert_flags(), hda_cs_dsp_add_kcontrol(), hda_cs_dsp_control_add() and hda_cs_dsp_control_remove() functions in sound/pci/hda/hda_cs_dsp_ctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Memory leak
EUVDB-ID: #VU94085
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39490
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Memory leak
EUVDB-ID: #VU94202
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40906
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mlx5_function_teardown() function in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Input validation error
EUVDB-ID: #VU94322
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40940
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_lag_create_port_sel_table() function in drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Double free
EUVDB-ID: #VU94289
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40937
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the gve_rx_skb_hash() and gve_rx_poll_dqo() functions in drivers/net/ethernet/google/gve/gve_rx_dqo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) NULL pointer dereference
EUVDB-ID: #VU94256
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40911
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cfg80211_get_station() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Use-after-free
EUVDB-ID: #VU93321
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38385
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the irq_find_free_area() function in kernel/irq/irqdesc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Resource management error
EUVDB-ID: #VU93252
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36244
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the parse_taprio_schedule() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) NULL pointer dereference
EUVDB-ID: #VU93044
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38622
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpu_core_irq_callback_handler() function in drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Use-after-free
EUVDB-ID: #VU94215
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Memory leak
EUVDB-ID: #VU94212
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41002
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sec_alg_resource_free() function in drivers/crypto/hisilicon/sec2/sec_crypto.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Out-of-bounds read
EUVDB-ID: #VU93025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38621
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Resource management error
EUVDB-ID: #VU94300
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40970
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the axi_desc_alloc(), axi_desc_get() and axi_chan_block_xfer_complete() functions in drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
191) Improper locking
EUVDB-ID: #VU94283
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40904
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
192) NULL pointer dereference
EUVDB-ID: #VU94252
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40928
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ethtool_get_phy_stats_ethtool() function in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
193) Improper locking
EUVDB-ID: #VU94274
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40967
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the imx_uart_console_write() function in drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
194) NULL pointer dereference
EUVDB-ID: #VU94249
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40951
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ocfs2_fill_super() function in fs/ocfs2/super.c, within the to_ocfs2_trigger(), ocfs2_db_frozen_trigger() and __ocfs2_journal_access() functions in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
195) NULL pointer dereference
EUVDB-ID: #VU93046
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38637
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
196) Out-of-bounds read
EUVDB-ID: #VU93024
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-37356
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
197) Use-after-free
EUVDB-ID: #VU93322
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39463
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
198) Improper locking
EUVDB-ID: #VU94282
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40912
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
199) Reachable assertion
EUVDB-ID: #VU93128
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33847
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the f2fs_setattr() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
200) Improper locking
EUVDB-ID: #VU93335
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39468
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smb2_find_smb_tcon() function in fs/smb/client/smb2transport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
201) Memory leak
EUVDB-ID: #VU94207
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40942
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
202) Memory leak
EUVDB-ID: #VU94203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40910
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_accept() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
203) NULL pointer dereference
EUVDB-ID: #VU93045
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38625
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ntfs_get_block_vbo() function in fs/ntfs3/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
204) NULL pointer dereference
EUVDB-ID: #VU93122
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35247
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
205) NULL pointer dereference
EUVDB-ID: #VU93123
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36479
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fpga_bridge_disable(), of_fpga_bridge_get(), fpga_bridge_dev_match(), fpga_bridge_get(), fpga_bridge_put(), ATTRIBUTE_GROUPS(), fpga_bridge_register() and ERR_PTR() functions in drivers/fpga/fpga-bridge.c, within the fpga_bridge_register() function in Documentation/driver-api/fpga/fpga-bridge.rst. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
206) Improper locking
EUVDB-ID: #VU94278
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40943
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
207) Race condition
EUVDB-ID: #VU93131
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-32936
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the ti_csi2rx_buffer_queue() function in drivers/media/platform/ti/j721e-csi2rx/j721e-csi2rx.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
208) Use-after-free
EUVDB-ID: #VU93021
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38630
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cpu5wdt_exit() function in drivers/watchdog/cpu5wdt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
209) Improper locking
EUVDB-ID: #VU94277
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39501
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
210) Improper locking
EUVDB-ID: #VU94275
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40966
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
211) NULL pointer dereference
EUVDB-ID: #VU94253
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40921
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the br_mst_get_state(), br_mst_set_state() and br_mst_vlan_sync_state() functions in net/bridge/br_mst.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
212) Buffer overflow
EUVDB-ID: #VU94314
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40924
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/i915/gem/i915_gem_object.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
213) NULL pointer dereference
EUVDB-ID: #VU94258
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39506
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
214) NULL pointer dereference
EUVDB-ID: #VU93028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36270
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
215) Resource management error
EUVDB-ID: #VU93043
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-33621
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
216) NULL pointer dereference
EUVDB-ID: #VU94250
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40945
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
217) Out-of-bounds read
EUVDB-ID: #VU94233
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40901
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
218) Memory leak
EUVDB-ID: #VU93020
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38632
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vfio_intx_enable() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
219) Use of uninitialized resource
EUVDB-ID: #VU93082
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38619
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-nvidia to the latest version.
Vulnerable software versionsUbuntu: 24.04
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-lowlatency (Ubuntu package): before 6.8.0-1013.14.1
linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14
linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7005-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
