Ubuntu update for linux-azure



Risk: Critical
Patch available: YES
Number of vulnerabilities: 219
CVE-ID: CVE-2024-23848
CVE-2024-25741
CVE-2024-40902
CVE-2024-38613
CVE-2024-42096
CVE-2024-40908
CVE-2024-42137
CVE-2024-38590
CVE-2024-41044
CVE-2024-39480
CVE-2024-39469
CVE-2024-39471
CVE-2024-42089
CVE-2024-38588
CVE-2024-41092
CVE-2024-42120
CVE-2024-40901
CVE-2024-40981
CVE-2024-42127
CVE-2024-40932
CVE-2024-39475
CVE-2024-40957
CVE-2024-39501
CVE-2024-42090
CVE-2024-40904
CVE-2024-40978
CVE-2022-48772
CVE-2024-40934
CVE-2024-38548
CVE-2024-41005
CVE-2024-36489
CVE-2024-36978
CVE-2024-38573
CVE-2024-42106
CVE-2024-42104
CVE-2024-42085
CVE-2024-38621
CVE-2024-42098
CVE-2024-38662
CVE-2024-38587
CVE-2024-41089
CVE-2024-42095
CVE-2024-40916
CVE-2024-39487
CVE-2024-42229
CVE-2023-52884
CVE-2024-40974
CVE-2024-40980
CVE-2024-42225
CVE-2024-39502
CVE-2024-37356
CVE-2024-39488
CVE-2024-40912
CVE-2024-39507
CVE-2024-38591
CVE-2024-31076
CVE-2024-40984
CVE-2024-39500
CVE-2024-38582
CVE-2024-34027
CVE-2024-36270
CVE-2024-42076
CVE-2024-42247
CVE-2024-42154
CVE-2024-41047
CVE-2024-42244
CVE-2024-41049
CVE-2024-33847
CVE-2024-36015
CVE-2024-42161
CVE-2024-42082
CVE-2024-41048
CVE-2024-40961
CVE-2024-41000
CVE-2024-38598
CVE-2024-41040
CVE-2024-36971
CVE-2024-41007
CVE-2024-36972
CVE-2024-38610
CVE-2024-40937
CVE-2024-38615
CVE-2024-38555
CVE-2024-40943
CVE-2024-39466
CVE-2024-40990
CVE-2024-42115
CVE-2024-40995
CVE-2024-38612
CVE-2024-40987
CVE-2024-38558
CVE-2024-42236
CVE-2024-38381
CVE-2024-42157
CVE-2024-38560
CVE-2024-42101
CVE-2024-40970
CVE-2024-42094
CVE-2024-42148
CVE-2024-35247
CVE-2024-40963
CVE-2024-38580
CVE-2024-38633
CVE-2024-38637
CVE-2024-40905
CVE-2024-41093
CVE-2024-38619
CVE-2024-42093
CVE-2024-40945
CVE-2024-42092
CVE-2024-36286
CVE-2024-40954
CVE-2024-41041
CVE-2024-38571
CVE-2024-39503
CVE-2024-38546
CVE-2024-40976
CVE-2024-36014
CVE-2024-41087
CVE-2024-42109
CVE-2024-42070
CVE-2024-42080
CVE-2024-41006
CVE-2024-42145
CVE-2024-40960
CVE-2024-38597
CVE-2024-42086
CVE-2024-40967
CVE-2024-42130
CVE-2024-42153
CVE-2024-39509
CVE-2024-40914
CVE-2024-39277
CVE-2024-41055
CVE-2024-41095
CVE-2024-38780
CVE-2024-36974
CVE-2024-38607
CVE-2024-38583
CVE-2024-40927
CVE-2024-39490
CVE-2024-38599
CVE-2023-52887
CVE-2024-38565
CVE-2024-38552
CVE-2024-40942
CVE-2024-37078
CVE-2024-40911
CVE-2024-41035
CVE-2024-38550
CVE-2024-42102
CVE-2024-42121
CVE-2024-36032
CVE-2024-42240
CVE-2024-42140
CVE-2024-38589
CVE-2024-40931
CVE-2024-39505
CVE-2024-38596
CVE-2024-42223
CVE-2024-38567
CVE-2024-39495
CVE-2024-40959
CVE-2024-38586
CVE-2024-42087
CVE-2024-38661
CVE-2024-41097
CVE-2024-38559
CVE-2024-38618
CVE-2024-39493
CVE-2024-41002
CVE-2024-40958
CVE-2024-39468
CVE-2024-38601
CVE-2024-39499
CVE-2024-39482
CVE-2024-38579
CVE-2024-42077
CVE-2024-38578
CVE-2024-34777
CVE-2024-39301
CVE-2024-38605
CVE-2024-42131
CVE-2024-42084
CVE-2024-41027
CVE-2024-40968
CVE-2024-38547
CVE-2024-42119
CVE-2024-38627
CVE-2024-40941
CVE-2024-40994
CVE-2024-40988
CVE-2024-41046
CVE-2024-38549
CVE-2024-39506
CVE-2024-38634
CVE-2024-42124
CVE-2024-42105
CVE-2024-38623
CVE-2024-38624
CVE-2024-33621
CVE-2024-42068
CVE-2024-36894
CVE-2024-39489
CVE-2024-42270
CVE-2024-40929
CVE-2024-39276
CVE-2024-42152
CVE-2024-41034
CVE-2024-40983
CVE-2024-42224
CVE-2024-40956
CVE-2024-40971
CVE-2024-38635
CVE-2024-42097
CVE-2024-42232
CVE-2024-38659
CVE-2024-39467
CVE-2024-41004
CWE-ID: CWE-416
CWE-399
CWE-119
CWE-667
CWE-20
CWE-388
CWE-125
CWE-476
CWE-401
CWE-369
CWE-908
CWE-617
CWE-252
CWE-190
CWE-415
CWE-362
CWE-682
CWE-366
CWE-835
CWE-96
Exploitation vector: Local network
Public exploit: Vulnerability #77 is being exploited in the wild.
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-azure-cvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure-lts-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure-fde-lts-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1072-azure-fde (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1072-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 219 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU91600

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23848

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU94364

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25741

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the printer_write() function in drivers/usb/gadget/function/f_printer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU94296

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40902

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper locking

EUVDB-ID: #VU92359

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38613

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper locking

EUVDB-ID: #VU94987

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42096

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU94316

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40908

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __bpf_prog_test_run_raw_tp() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU94931

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42137

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qca_serdev_shutdown() function in drivers/bluetooth/hci_qca.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU93087

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38590

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the get_cqe_status() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU95108

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41044

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU93827

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39480

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper error handling

EUVDB-ID: #VU93336

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39469

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU93326

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39471

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU94964

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42089

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fsl_asoc_card_probe() function in sound/soc/fsl/fsl-asoc-card.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU92312

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38588

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lookup_rec(), ftrace_location_range(), ftrace_process_locs(), ftrace_release_mod() and ftrace_free_mem() functions in kernel/trace/ftrace.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU94938

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41092

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_vma_revoke_fence() function in drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU95099

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42120

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Out-of-bounds read

EUVDB-ID: #VU94233

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40901

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mpt3sas_base_attach() and _base_check_ioc_facts_changes() functions in drivers/scsi/mpt3sas/mpt3sas_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper locking

EUVDB-ID: #VU94269

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40981

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU95014

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42127

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, and within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Memory leak

EUVDB-ID: #VU94204

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40932

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Division by zero

EUVDB-ID: #VU93828

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39475

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the savagefb_probe() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU94247

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the input_action_end_dx6() and input_action_end_dx4() functions in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper locking

EUVDB-ID: #VU94277

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39501

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper locking

EUVDB-ID: #VU94988

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42090

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU94283

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40904

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Resource management error

EUVDB-ID: #VU94299

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40978

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) NULL pointer dereference

EUVDB-ID: #VU93327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU94205

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40934

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the logi_dj_recv_switch_to_dj_mode() function in drivers/hid/hid-logitech-dj.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) NULL pointer dereference

EUVDB-ID: #VU92349

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38548

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cdns_mhdp_atomic_enable() function in drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU94264

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41005

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU93030

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36489

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU92332

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36978

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU92345

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38573

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() functions in drivers/cpufreq/cppc_cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use of uninitialized resource

EUVDB-ID: #VU95024

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42106

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU94937

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42104

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU94965

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42085

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dwc3_suspend_common() and dwc3_resume_common() functions in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU93025

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38621

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Input validation error

EUVDB-ID: #VU95100

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42098

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ecdh_set_secret() function in crypto/ecdh.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU93033

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38662

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU92321

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38587

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_word() function in drivers/staging/speakup/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU94971

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41089

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nv17_tv_get_hd_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Input validation error

EUVDB-ID: #VU95101

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42095

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_write() and omap8250_irq() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper locking

EUVDB-ID: #VU94281

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40916

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hdmi_get_modes() function in drivers/gpu/drm/exynos/exynos_hdmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Out-of-bounds read

EUVDB-ID: #VU93889

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39487

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer overflow

EUVDB-ID: #VU95078

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42229

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the setkey_unaligned() function in crypto/cipher.c and within the setkey_unaligned() function in crypto/aead.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU93035

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52884

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cyapa_suspend() and cyapa_resume() functions in drivers/input/mouse/cyapa.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU94301

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40974

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper locking

EUVDB-ID: #VU94270

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40980

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use of uninitialized resource

EUVDB-ID: #VU95028

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42225

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the mt7915_mcu_add_nested_subtlv() function in drivers/net/wireless/mediatek/mt76/mt7915/mcu.c, and within the mt76_connac_mcu_add_nested_tlv(), mt76_connac_mcu_hw_scan(), mt76_connac_mcu_sched_scan_req(), mt76_connac_mcu_update_gtk_rekey() and mt76_connac_mcu_set_wow_pattern() functions in drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) NULL pointer dereference

EUVDB-ID: #VU94261

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39502

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ionic_qcq_enable() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Out-of-bounds read

EUVDB-ID: #VU93024

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37356

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper error handling

EUVDB-ID: #VU94087

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39488

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU94282

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40912

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper locking

EUVDB-ID: #VU94284

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39507

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hclge_push_link_status(), hclge_update_link_status(), hclge_uninit_need_wait() and hclge_uninit_client_instance() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper locking

EUVDB-ID: #VU92364

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38591

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the alloc_srqc() and free_srqc() functions in drivers/infiniband/hw/hns/hns_roce_srq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Memory leak

EUVDB-ID: #VU93016

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-31076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, and within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) NULL pointer dereference

EUVDB-ID: #VU94239

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) NULL pointer dereference

EUVDB-ID: #VU94262

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39500

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the sock_map_close() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Improper locking

EUVDB-ID: #VU92366

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38582

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper locking

EUVDB-ID: #VU93125

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34027

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_release_compress_blocks() and f2fs_reserve_compress_blocks() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) NULL pointer dereference

EUVDB-ID: #VU93028

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36270

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use of uninitialized resource

EUVDB-ID: #VU95031

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42076

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the MODULE_ALIAS() and j1939_send_one() functions in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource management error

EUVDB-ID: #VU95518

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42247

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the swap_endian() function in drivers/net/wireguard/allowedips.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Input validation error

EUVDB-ID: #VU95093

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42154

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper locking

EUVDB-ID: #VU94994

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i40e_xdp_setup() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Input validation error

EUVDB-ID: #VU95510

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42244

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use-after-free

EUVDB-ID: #VU94947

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41049

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Reachable assertion

EUVDB-ID: #VU93128

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33847

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the f2fs_setattr() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Unchecked Return Value

EUVDB-ID: #VU89896

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36015

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use of uninitialized resource

EUVDB-ID: #VU95027

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42161

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within tools/lib/bpf/bpf_core_read.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer overflow

EUVDB-ID: #VU95055

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42082

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) NULL pointer dereference

EUVDB-ID: #VU94982

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41048

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) NULL pointer dereference

EUVDB-ID: #VU94244

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40961

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fib6_nh_init() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Integer overflow

EUVDB-ID: #VU94295

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41000

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the blkpg_do_ioctl() function in block/ioctl.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Out-of-bounds read

EUVDB-ID: #VU92320

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38598

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the __acquires() function in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Use-after-free

EUVDB-ID: #VU94949

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41040

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within net/sched/act_ct.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use-after-free

EUVDB-ID: #VU91597

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-36971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

78) Resource management error

EUVDB-ID: #VU94345

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41007

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Out-of-bounds read

EUVDB-ID: #VU91664

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36972

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the queue_oob(), unix_stream_recv_urg() and manage_oob() functions in net/unix/af_unix.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Use-after-free

EUVDB-ID: #VU92313

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38610

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the acrn_vm_memseg_unmap() and acrn_vm_ram_map() functions in drivers/virt/acrn/mm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Double free

EUVDB-ID: #VU94289

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40937

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the gve_rx_skb_hash() and gve_rx_poll_dqo() functions in drivers/net/ethernet/google/gve/gve_rx_dqo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Input validation error

EUVDB-ID: #VU94120

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38615

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Use-after-free

EUVDB-ID: #VU92307

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38555

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Improper locking

EUVDB-ID: #VU94278

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40943

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) NULL pointer dereference

EUVDB-ID: #VU93331

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39466

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lmh_probe() function in drivers/thermal/qcom/lmh.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Input validation error

EUVDB-ID: #VU94325

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40990

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_ib_create_srq() function in drivers/infiniband/hw/mlx5/srq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Use-after-free

EUVDB-ID: #VU94932

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42115

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Improper locking

EUVDB-ID: #VU94267

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Use-after-free

EUVDB-ID: #VU92314

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38612

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the IS_ENABLED() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Resource management error

EUVDB-ID: #VU94307

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40987

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Input validation error

EUVDB-ID: #VU94117

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38558

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Memory leak

EUVDB-ID: #VU95502

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Use of uninitialized resource

EUVDB-ID: #VU93042

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38381

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Input validation error

EUVDB-ID: #VU95090

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42157

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Out-of-bounds read

EUVDB-ID: #VU92327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38560

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) NULL pointer dereference

EUVDB-ID: #VU94963

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42101

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Resource management error

EUVDB-ID: #VU94300

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40970

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the axi_desc_alloc(), axi_desc_get() and axi_chan_block_xfer_complete() functions in drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Buffer overflow

EUVDB-ID: #VU95040

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42094

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the iucv_setmask_mp() and iucv_cpu_online() functions in net/iucv/iucv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Out-of-bounds read

EUVDB-ID: #VU94952

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42148

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) NULL pointer dereference

EUVDB-ID: #VU93122

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35247

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, and within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Input validation error

EUVDB-ID: #VU94318

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bcm6358_quirks() function in arch/mips/bmips/setup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Improper locking

EUVDB-ID: #VU92367

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38580

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ep_eventpoll_poll() function in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) NULL pointer dereference

EUVDB-ID: #VU93032

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38633

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) NULL pointer dereference

EUVDB-ID: #VU93046

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38637

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) NULL pointer dereference

EUVDB-ID: #VU94257

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rt6_get_pcpu_route() function in net/ipv6/route.c, and within the __fib6_drop_pcpu_from() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Improper error handling

EUVDB-ID: #VU95019

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41093

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the amdgpu_vkms_prepare_fb() and amdgpu_vkms_cleanup_fb() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Use of uninitialized resource

EUVDB-ID: #VU93082

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Buffer overflow

EUVDB-ID: #VU95039

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42093

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) NULL pointer dereference

EUVDB-ID: #VU94250

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40945

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Input validation error

EUVDB-ID: #VU95000

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42092

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the davinci_gpio_probe() function in drivers/gpio/gpio-davinci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper locking

EUVDB-ID: #VU93036

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36286

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Use-after-free

EUVDB-ID: #VU94217

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40954

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sk_common_release() function in net/core/sock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Resource management error

EUVDB-ID: #VU95069

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41041

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sock_set_flag() and spin_unlock() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) NULL pointer dereference

EUVDB-ID: #VU92346

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38571

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the compute_intercept_slope() function in drivers/thermal/qcom/tsens.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Use-after-free

EUVDB-ID: #VU94230

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39503

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the list_set_kadd(), list_set_kdel(), list_set_utest(), list_set_uadd(), list_set_udel() and list_set_destroy() functions in net/netfilter/ipset/ip_set_list_set.c and within the call_rcu(), ip_set_destroy() and ip_set_net_init() functions in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) NULL pointer dereference

EUVDB-ID: #VU92351

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38546

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Race condition

EUVDB-ID: #VU94297

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40976

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lima_sched_timedout_job() function in drivers/gpu/drm/lima/lima_sched.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) NULL pointer dereference

EUVDB-ID: #VU89897

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36014

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the malidp_mw_connector_reset() function in drivers/gpu/drm/arm/malidp_mw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Double free

EUVDB-ID: #VU95008

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41087

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Use-after-free

EUVDB-ID: #VU94934

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42109

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nft_rcv_nl_event() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Memory leak

EUVDB-ID: #VU94923

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42070

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nft_lookup_init() function in net/netfilter/nft_lookup.c and within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Input validation error

EUVDB-ID: #VU95103

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42080

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rdma_restrack_init() and type2str() functions in drivers/infiniband/core/restrack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Memory leak

EUVDB-ID: #VU94213

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41006

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Buffer overflow

EUVDB-ID: #VU95054

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42145

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) NULL pointer dereference

EUVDB-ID: #VU94245

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40960

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Improper locking

EUVDB-ID: #VU92361

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38597

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Buffer overflow

EUVDB-ID: #VU95041

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42086

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bme680_compensate_temp(), bme680_compensate_press() and bme680_compensate_humid() functions in drivers/iio/chemical/bme680_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Improper locking

EUVDB-ID: #VU94274

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40967

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the imx_uart_console_write() function in drivers/tty/serial/imx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Incorrect calculation

EUVDB-ID: #VU95075

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42130

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the virtual_ncidev_write() function in drivers/nfc/virtual_ncidev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Improper locking

EUVDB-ID: #VU94983

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42153

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wait_reset(), i2c_pnx_master_xmit(), i2c_pnx_master_rcv(), i2c_pnx_interrupt(), i2c_pnx_timeout(), i2c_pnx_xfer() and i2c_pnx_probe() functions in drivers/i2c/busses/i2c-pnx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Resource management error

EUVDB-ID: #VU94310

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39509

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the implement() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Improper error handling

EUVDB-ID: #VU94291

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40914

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Out-of-bounds read

EUVDB-ID: #VU93023

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39277

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_map_benchmark() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) NULL pointer dereference

EUVDB-ID: #VU94979

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41055

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference in include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) NULL pointer dereference

EUVDB-ID: #VU94966

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nv17_tv_get_ld_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Improper locking

EUVDB-ID: #VU93034

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38780

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Input validation error

EUVDB-ID: #VU93310

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the taprio_parse_mqprio_opt() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Resource management error

EUVDB-ID: #VU93181

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38607

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Use-after-free

EUVDB-ID: #VU92311

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38583

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Use-after-free

EUVDB-ID: #VU94220

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40927

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xhci_invalidate_cancelled_tds() and xhci_handle_cmd_set_deq() functions in drivers/usb/host/xhci-ring.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Memory leak

EUVDB-ID: #VU94085

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39490

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Out-of-bounds read

EUVDB-ID: #VU92319

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38599

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Improper error handling

EUVDB-ID: #VU95018

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52887

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the j1939_xtp_rx_rts_session_new() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Resource management error

EUVDB-ID: #VU93836

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38565

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Out-of-bounds read

EUVDB-ID: #VU92330

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38552

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Memory leak

EUVDB-ID: #VU94207

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40942

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Improper locking

EUVDB-ID: #VU93342

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37078

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) NULL pointer dereference

EUVDB-ID: #VU94256

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cfg80211_get_station() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Input validation error

EUVDB-ID: #VU95109

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41035

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the usb_parse_endpoint() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) NULL pointer dereference

EUVDB-ID: #VU92348

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38550

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the kirkwood_dma_hw_params() function in sound/soc/kirkwood/kirkwood-dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Integer overflow

EUVDB-ID: #VU95034

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42102

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Input validation error

EUVDB-ID: #VU95098

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42121

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Input validation error

EUVDB-ID: #VU90849

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36032

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qca_read_fw_build_info() function in drivers/bluetooth/btqca.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Buffer overflow

EUVDB-ID: #VU95516

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42240

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYM_INNER_LABEL() function in arch/x86/entry/entry_64_compat.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Improper locking

EUVDB-ID: #VU94985

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42140

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the machine_kexec_mask_interrupts() function in arch/riscv/kernel/machine_kexec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Improper locking

EUVDB-ID: #VU92365

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38589

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Use of uninitialized resource

EUVDB-ID: #VU94293

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40931

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) NULL pointer dereference

EUVDB-ID: #VU94259

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39505

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Race condition within a thread

EUVDB-ID: #VU92380

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38596

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Integer overflow

EUVDB-ID: #VU95037

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42223

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Input validation error

EUVDB-ID: #VU92370

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38567

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Use-after-free

EUVDB-ID: #VU94232

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39495

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gb_interface_release() function in drivers/greybus/interface.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) NULL pointer dereference

EUVDB-ID: #VU94246

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40959

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Buffer overflow

EUVDB-ID: #VU93134

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38586

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rtl8169_doorbell() and rtl8169_start_xmit() functions in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) Resource management error

EUVDB-ID: #VU95066

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42087

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ili9881c_prepare() and ili9881c_unprepare() functions in drivers/gpu/drm/panel/panel-ilitek-ili9881c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Improper locking

EUVDB-ID: #VU93333

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Resource management error

EUVDB-ID: #VU95067

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41097

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Out-of-bounds read

EUVDB-ID: #VU92328

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Input validation error

EUVDB-ID: #VU92371

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38618

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Memory leak

EUVDB-ID: #VU94086

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39493

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Memory leak

EUVDB-ID: #VU94212

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41002

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the sec_alg_resource_free() function in drivers/crypto/hisilicon/sec2/sec_crypto.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Use-after-free

EUVDB-ID: #VU94215

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Improper locking

EUVDB-ID: #VU93335

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39468

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smb2_find_smb_tcon() function in fs/smb/client/smb2transport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Infinite loop

EUVDB-ID: #VU93063

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38601

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Memory leak

EUVDB-ID: #VU94201

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39499

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Out-of-bounds read

EUVDB-ID: #VU93821

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39482

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bch_dirty_init_thread() and bch_sectors_dirty_init() functions in drivers/md/bcache/writeback.c, within the bch_root_usage() function in drivers/md/bcache/sysfs.c, within the bch_cache_set_alloc() function in drivers/md/bcache/super.c, within the btree_gc_mark_node(), btree_gc_rewrite_node(), btree_gc_recurse(), bch_btree_check_recurse(), bch_btree_check_thread(), bch_btree_check(), bch_btree_map_nodes_recurse() and bch_btree_map_keys_recurse() functions in drivers/md/bcache/btree.c, within the bch_dump_bucket(), __bch_check_keys(), bch_btree_insert_key(), bch_btree_iter_push(), bch_btree_sort_partial() and bch_btree_sort_into() functions in drivers/md/bcache/bset.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Buffer overflow

EUVDB-ID: #VU92953

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38579

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Resource management error

EUVDB-ID: #VU95068

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42077

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c and within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Out-of-bounds read

EUVDB-ID: #VU92322

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38578

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Input validation error

EUVDB-ID: #VU93172

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34777

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the map_benchmark_ioctl() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Use of uninitialized resource

EUVDB-ID: #VU93337

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39301

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) NULL pointer dereference

EUVDB-ID: #VU93048

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38605

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the snd_card_new() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Integer overflow

EUVDB-ID: #VU95035

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42131

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Improper neutralization of directives in statically saved code ('static code injection')

EUVDB-ID: #VU95052

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42084

CWE-ID: CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

In the Linux kernel, the following vulnerability has been resolved: "ftruncate: pass a signed offset". The old ftruncate() syscall, using the 32-bit off_t, misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to a file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Resource management error

EUVDB-ID: #VU95071

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41027

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the userfaultfd_api() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Input validation error

EUVDB-ID: #VU94319

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) NULL pointer dereference

EUVDB-ID: #VU92350

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38547

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Improper error handling

EUVDB-ID: #VU95015

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42119

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) Double free

EUVDB-ID: #VU93040

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38627

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) Buffer overflow

EUVDB-ID: #VU94315

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Integer overflow

EUVDB-ID: #VU94294

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40994

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Resource management error

EUVDB-ID: #VU94308

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40988

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Double free

EUVDB-ID: #VU95010

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41046

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ltq_etop_free_channel() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) Resource management error

EUVDB-ID: #VU93390

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38549

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) NULL pointer dereference

EUVDB-ID: #VU94258

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39506

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lio_vf_rep_copy_packet() function in drivers/net/ethernet/cavium/liquidio/lio_vf_rep.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Improper locking

EUVDB-ID: #VU93038

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38634

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) Input validation error

EUVDB-ID: #VU95097

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42124

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) Use-after-free

EUVDB-ID: #VU94936

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42105

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_store_disk_layout() function in fs/nilfs2/the_nilfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) Buffer overflow

EUVDB-ID: #VU93236

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38623

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within fs/ntfs3/ntfs.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) Integer overflow

EUVDB-ID: #VU93059

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38624

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the log_read_rst() function in fs/ntfs3/fslog.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) Resource management error

EUVDB-ID: #VU93043

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33621

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) Incorrect calculation

EUVDB-ID: #VU95076

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42068

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c and within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) Improper locking

EUVDB-ID: #VU90735

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36894

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Memory leak

EUVDB-ID: #VU94084

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39489

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) NULL pointer dereference

EUVDB-ID: #VU96145

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42270

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the iptable_nat_init() function in net/ipv4/netfilter/iptable_nat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Out-of-bounds read

EUVDB-ID: #VU94234

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40929

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) Memory leak

EUVDB-ID: #VU93320

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39276

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) Memory leak

EUVDB-ID: #VU94922

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42152

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nvmet_sq_destroy() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) Improper error handling

EUVDB-ID: #VU95020

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41034

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_dotdot() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) Resource management error

EUVDB-ID: #VU94304

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40983

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Improper error handling

EUVDB-ID: #VU95012

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42224

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) Use-after-free

EUVDB-ID: #VU94216

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40956

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the irq_process_work_list() function in drivers/dma/idxd/irq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Input validation error

EUVDB-ID: #VU94323

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40971

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the default_options() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) Out-of-bounds read

EUVDB-ID: #VU93027

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38635

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) Input validation error

EUVDB-ID: #VU95001

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42097

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the load_data() and load_guspatch() functions in sound/synth/emux/soundfont.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) Use-after-free

EUVDB-ID: #VU95503

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) Out-of-bounds read

EUVDB-ID: #VU93080

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38659

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) Out-of-bounds read

EUVDB-ID: #VU93325

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39467

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) Improper locking

EUVDB-ID: #VU94265

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41004

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within kernel/trace/Kconfig. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-azure to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1072.81~20.04.1

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1072.70

linux-image-azure-fde-lts-22.04 (Ubuntu package): before 5.15.0.1072.81.49

linux-image-5.15.0-1072-azure-fde (Ubuntu package): before 5.15.0-1072.81.1

linux-image-5.15.0-1072-azure (Ubuntu package): before 5.15.0-1072.81~20.04.1

External links

http://ubuntu.com/security/notices/USN-7009-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


