Ubuntu update for linux-nvidia-6.8

1) Use-after-free

EUVDB-ID: #VU91600

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-23848

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU94296

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40902

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU93340

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39465

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mgb4_remove() function in drivers/media/pci/mgb4/mgb4_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU94089

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39492

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cmdq_mbox_shutdown() function in drivers/mailbox/mtk-cmdq-mailbox.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU94297

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40976

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lima_sched_timedout_job() function in drivers/gpu/drm/lima/lima_sched.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU94216

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40956

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the irq_process_work_list() function in drivers/dma/idxd/irq.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU93827

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39480

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU93325

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39467

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU93829

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39478

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the starfive_rsa_enc_core() function in drivers/crypto/starfive/jh7110-rsa.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU94084

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39489

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the seg6_hmac_init_algo() and seg6_hmac_net_init() functions in net/ipv6/seg6_hmac.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU94309

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41003

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the check_cond_jmp_op() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU94228

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39510

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_ondemand_daemon_read() function in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU94251

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39498

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nv50_msto_cleanup() function in drivers/gpu/drm/nouveau/dispnv50/disp.c, within the intel_mst_enable_dp() function in drivers/gpu/drm/i915/display/intel_dp_mst.c, within the EXPORT_SYMBOL() function in drivers/gpu/drm/display/drm_dp_mst_topology.c, within the dm_helpers_dp_mst_send_payload_allocation() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Integer overflow

EUVDB-ID: #VU94294

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40994

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the max_vclocks_store() function in drivers/ptp/ptp_sysfs.c. A local user can execute arbitrary code.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Double free

EUVDB-ID: #VU94289

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40937

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the gve_rx_skb_hash() and gve_rx_poll_dqo() functions in drivers/net/ethernet/google/gve/gve_rx_dqo.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper error handling

EUVDB-ID: #VU94087

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39488

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch/arm64/include/asm/asm-bug.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU94325

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40990

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_ib_create_srq() function in drivers/infiniband/hw/mlx5/srq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU94237

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40955

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the EXT4_ATTR_FUNC(), ext4_attr_show() and ext4_attr_store() functions in fs/ext4/sysfs.c, within the mb_avg_fragment_size_order() and ext4_mb_choose_next_group_best_avail() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU94257

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40905

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rt6_get_pcpu_route() function in net/ipv6/route.c, within the __fib6_drop_pcpu_from() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU94231

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39496

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_load_zone_info() function in fs/btrfs/zoned.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU93029

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36478

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nullb_update_nr_hw_queues(), nullb_device_power_store(), null_add_dev() and null_create_dev() functions in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU94221

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40920

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_mst_set_state() function in net/bridge/br_mst.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU94217

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40954

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sk_common_release() function in net/core/sock.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Race condition

EUVDB-ID: #VU93131

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-32936

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the ti_csi2rx_buffer_queue() function in drivers/media/platform/ti/j721e-csi2rx/j721e-csi2rx.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU94254

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40919

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __hwrm_send() function in drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU94218

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40947

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smack_post_notification() function in security/smack/smack_lsm.c, within the selinux_audit_rule_free() and selinux_audit_rule_init() functions in security/selinux/ss/services.c, within the security_key_getsecurity() function in security/security.c, within the ima_free_rule(), ima_lsm_copy_rule(), ima_lsm_update_rule() and ima_lsm_rule_init() functions in security/integrity/ima/ima_policy.c, within the aa_audit_rule_free() and aa_audit_rule_init() functions in security/apparmor/audit.c, within the audit_data_to_entry() and audit_dupe_lsm_field() functions in kernel/auditfilter.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU94306

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40975

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the x86_android_tablet_remove() function in drivers/platform/x86/x86-android-tablets/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU93831

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39481

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the media_pipeline_explore_next_link() function in drivers/media/mc/mc-entity.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Resource management error

EUVDB-ID: #VU94304

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40983

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Memory leak

EUVDB-ID: #VU93320

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39276

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper locking

EUVDB-ID: #VU93126

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37026

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xe_migrate_prepare_vm(), xe_migrate_usm_logical_mask() and xe_migrate_init() functions in drivers/gpu/drm/xe/xe_migrate.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper locking

EUVDB-ID: #VU94270

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40980

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reset_per_cpu_data(), trace_drop_common(), net_dm_hw_reset_per_cpu_data(), net_dm_hw_summary_probe() and __net_dm_cpu_data_init() functions in net/core/drop_monitor.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU93327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU93332

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39470

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the eventfs_find_events() function in fs/tracefs/event_inode.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU94249

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40951

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ocfs2_fill_super() function in fs/ocfs2/super.c, within the to_ocfs2_trigger(), ocfs2_db_frozen_trigger() and __ocfs2_journal_access() functions in fs/ocfs2/journal.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU94220

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40927

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xhci_invalidate_cancelled_tds() and xhci_handle_cmd_set_deq() functions in drivers/usb/host/xhci-ring.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Out-of-bounds read

EUVDB-ID: #VU93027

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38635

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Buffer overflow

EUVDB-ID: #VU94301

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40974

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU93335

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39468

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smb2_find_smb_tcon() function in fs/smb/client/smb2transport.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Infinite loop

EUVDB-ID: #VU93130

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38384

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the __blkcg_rstat_flush() function in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Race condition

EUVDB-ID: #VU93373

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37354

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Buffer overflow

EUVDB-ID: #VU94302

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40992

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rxe_resp_check_length() function in drivers/infiniband/sw/rxe/rxe_resp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Memory leak

EUVDB-ID: #VU94205

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40934

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the logi_dj_recv_switch_to_dj_mode() function in drivers/hid/hid-logitech-dj.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper Initialization

EUVDB-ID: #VU94298

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40925

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the blk_flush_complete_seq() and flush_end_io() functions in block/blk-flush.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU94219

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40935

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_daemon_open() function in fs/cachefiles/daemon.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU93822

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39473

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sof_ipc4_get_input_pin_audio_fmt() function in sound/soc/sof/ipc4-topology.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Memory leak

EUVDB-ID: #VU94203

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40910

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ax25_accept() function in net/ax25/af_ax25.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Memory leak

EUVDB-ID: #VU94208

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40979

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ath12k_qmi_free_target_mem_chunk(), ath12k_qmi_alloc_target_mem_chunk() and ath12k_qmi_m3_load() functions in drivers/net/wireless/ath/ath12k/qmi.c, within the ath12k_core_reset() function in drivers/net/wireless/ath/ath12k/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper locking

EUVDB-ID: #VU94277

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39501

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper locking

EUVDB-ID: #VU93037

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38628

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the free_ep_fback(), u_audio_set_volume(), u_audio_set_mute() and g_audio_setup() functions in drivers/usb/gadget/function/u_audio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Resource management error

EUVDB-ID: #VU93339

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39298

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the me_huge_page() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU94224

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40909

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bpf_obj_get(), bpf_link_defer_dealloc_mult_rcu_gp() and bpf_link_free() functions in kernel/bpf/syscall.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Use-after-free

EUVDB-ID: #VU93070

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38629

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the idxd_wq_del_cdev() function in drivers/dma/idxd/cdev.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Integer overflow

EUVDB-ID: #VU94295

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41000

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the blkpg_do_ioctl() function in block/ioctl.c. A local user can execute arbitrary code.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Input validation error

EUVDB-ID: #VU94324

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40989

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vgic_v3_free_redist_region() and vgic_v3_set_redist_base() functions in arch/arm64/kvm/vgic/vgic-mmio-v3.c, within the kvm_vgic_dist_destroy() function in arch/arm64/kvm/vgic/vgic-init.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Buffer overflow

EUVDB-ID: #VU94314

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40924

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drivers/gpu/drm/i915/gem/i915_gem_object.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Improper locking

EUVDB-ID: #VU94278

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40943

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Memory leak

EUVDB-ID: #VU94213

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41006

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nr_heartbeat_expiry() function in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU93025

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38621

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Out-of-bounds read

EUVDB-ID: #VU93324

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39462

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the clk_dvp_probe() function in drivers/clk/bcm/clk-bcm2711-dvp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) NULL pointer dereference

EUVDB-ID: #VU93032

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38633

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU94256

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40911

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cfg80211_get_station() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Memory leak

EUVDB-ID: #VU94201

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39499

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the event_deliver() function in drivers/misc/vmw_vmci/vmci_event.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Input validation error

EUVDB-ID: #VU94319

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40968

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Memory leak

EUVDB-ID: #VU94209

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40985

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tcp_ao_info_cmd() function in net/ipv4/tcp_ao.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Improper locking

EUVDB-ID: #VU94271

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40977

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mt76s_tx_status_data() function in drivers/net/wireless/mediatek/mt76/sdio.c, within the mt7921s_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c, within the mt7921e_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/pci_mac.c, within the mt7921_mac_reset_work() function in drivers/net/wireless/mediatek/mt76/mt7921/mac.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Out-of-bounds read

EUVDB-ID: #VU93323

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39461

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the raspberrypi_discover_clocks() function in drivers/clk/bcm/clk-raspberrypi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper locking

EUVDB-ID: #VU94275

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40966

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the con_cleanup() function in drivers/tty/vt/vt.c, within the tty_set_ldisc() function in drivers/tty/tty_ldisc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Input validation error

EUVDB-ID: #VU94317

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40944

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the machine_kexec_cleanup() and machine_kexec() functions in arch/x86/kernel/machine_kexec_64.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) NULL pointer dereference

EUVDB-ID: #VU93331

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39466

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lmh_probe() function in drivers/thermal/qcom/lmh.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Use-after-free

EUVDB-ID: #VU93021

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38630

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cpu5wdt_exit() function in drivers/watchdog/cpu5wdt.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Use-after-free

EUVDB-ID: #VU94949

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41040

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the net/sched/act_ct.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU94230

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39503

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the list_set_kadd(), list_set_kdel(), list_set_utest(), list_set_uadd(), list_set_udel() and list_set_destroy() functions in net/netfilter/ipset/ip_set_list_set.c, within the call_rcu(), ip_set_destroy() and ip_set_net_init() functions in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Input validation error

EUVDB-ID: #VU93310

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36974

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the taprio_parse_mqprio_opt() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) NULL pointer dereference

EUVDB-ID: #VU93330

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39464

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the v4l2_async_nf_init() and v4l2_async_subdev_nf_init() functions in drivers/media/v4l2-core/v4l2-async.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) NULL pointer dereference

EUVDB-ID: #VU94245

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40960

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) NULL pointer dereference

EUVDB-ID: #VU94240

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40982

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ssb_bus_match() function in drivers/ssb/main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Memory leak

EUVDB-ID: #VU93017

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36281

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Use-after-free

EUVDB-ID: #VU94227

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_req_put(), cachefiles_ondemand_daemon_read() and cachefiles_ondemand_send_req() functions in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Buffer overflow

EUVDB-ID: #VU93129

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39291

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the gfx_v9_4_3_init_microcode() function in drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Input validation error

EUVDB-ID: #VU94316

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40908

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __bpf_prog_test_run_raw_tp() function in net/bpf/test_run.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU93122

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35247

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Memory leak

EUVDB-ID: #VU94211

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41001

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the io_sq_thread() function in io_uring/sqpoll.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Memory leak

EUVDB-ID: #VU94086

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39493

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the adf_device_reset_worker() and adf_dev_aer_schedule_reset() functions in drivers/crypto/qat/qat_common/adf_aer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) NULL pointer dereference

EUVDB-ID: #VU93823

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39474

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vm_area_alloc_pages() function in mm/vmalloc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Use of uninitialized resource

EUVDB-ID: #VU93826

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39485

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __v4l2_async_nf_unregister() function in drivers/media/v4l2-core/v4l2-async.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper locking

EUVDB-ID: #VU93036

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36286

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the instance_destroy_rcu() function in net/netfilter/nfnetlink_queue.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) NULL pointer dereference

EUVDB-ID: #VU93044

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38622

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dpu_core_irq_callback_handler() function in drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Resource management error

EUVDB-ID: #VU93252

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36244

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the parse_taprio_schedule() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) NULL pointer dereference

EUVDB-ID: #VU94238

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40933

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx90635_probe() function in drivers/iio/temperature/mlx90635.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Input validation error

EUVDB-ID: #VU94322

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40940

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_lag_create_port_sel_table() function in drivers/net/ethernet/mellanox/mlx5/core/lag/port_sel.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper error handling

EUVDB-ID: #VU94088

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39491

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the cs35l56_hda_unbind(), cs35l56_hda_common_probe() and cs35l56_hda_remove() functions in sound/pci/hda/cs35l56_hda.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) NULL pointer dereference

EUVDB-ID: #VU93046

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38637

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __gb_lights_flash_brightness_set() and gb_lights_light_v4l2_register() functions in drivers/staging/greybus/light.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Memory leak

EUVDB-ID: #VU93018

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38388

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the wmfw_convert_flags(), hda_cs_dsp_add_kcontrol(), hda_cs_dsp_control_add() and hda_cs_dsp_control_remove() functions in sound/pci/hda/hda_cs_dsp_ctl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Input validation error

EUVDB-ID: #VU94287

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40999

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ena_com_cdesc_rx_pkt_get() and ena_com_rx_pkt() functions in drivers/net/ethernet/amazon/ena/ena_eth_com.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Resource management error

EUVDB-ID: #VU93043

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33621

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Improper locking

EUVDB-ID: #VU93125

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34027

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the f2fs_release_compress_blocks() and f2fs_reserve_compress_blocks() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) NULL pointer dereference

EUVDB-ID: #VU94250

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40945

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/linux/iommu.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Reachable assertion

EUVDB-ID: #VU93039

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36484

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Use-after-free

EUVDB-ID: #VU94215

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Resource management error

EUVDB-ID: #VU94308

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40988

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Use-after-free

EUVDB-ID: #VU94222

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40915

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the set_direct_map_default_noflush() function in arch/riscv/mm/pageattr.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Use-after-free

EUVDB-ID: #VU94223

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39494

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Buffer overflow

EUVDB-ID: #VU94303

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40996

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Improper locking

EUVDB-ID: #VU93033

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38662

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the may_update_sockmap() and check_map_func_compatibility() functions in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) NULL pointer dereference

EUVDB-ID: #VU94244

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40961

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fib6_nh_init() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper locking

EUVDB-ID: #VU94281

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40916

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hdmi_get_modes() function in drivers/gpu/drm/exynos/exynos_hdmi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Improper locking

EUVDB-ID: #VU94263

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40949

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shmem_replace_folio() function in mm/shmem.c, within the __mem_cgroup_uncharge_folios() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Memory leak

EUVDB-ID: #VU94212

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41002

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the sec_alg_resource_free() function in drivers/crypto/hisilicon/sec2/sec_crypto.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Buffer overflow

EUVDB-ID: #VU94313

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39497

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drm_gem_shmem_mmap() function in drivers/gpu/drm/drm_gem_shmem_helper.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper locking

EUVDB-ID: #VU94268

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40986

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xdma_channel_isr() function in drivers/dma/xilinx/xdma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Input validation error

EUVDB-ID: #VU94318

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40963

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the bcm6358_quirks() function in arch/mips/bmips/setup.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Use of uninitialized resource

EUVDB-ID: #VU93041

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the efi_free() function in drivers/firmware/efi/libstub/fdt.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Improper locking

EUVDB-ID: #VU94280

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40918

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the PTR_PAGE_ALIGN_DOWN(), __flush_cache_page(), flush_icache_pages(), pte_needs_flush(), flush_dcache_folio(), purge_kernel_dcache_page_asm(), copy_user_highpage(), __flush_tlb_range(), flush_cache_range(), flush_anon_page() and invalidate_kernel_vmap_range() functions in arch/parisc/kernel/cache.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) NULL pointer dereference

EUVDB-ID: #VU93121

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34030

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the of_pci_prop_intr_map() function in drivers/pci/of_property.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Reachable assertion

EUVDB-ID: #VU93128

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33847

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the f2fs_setattr() function in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Improper locking

EUVDB-ID: #VU94267

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40995

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Improper locking

EUVDB-ID: #VU94269

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40981

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Memory leak

EUVDB-ID: #VU94207

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40942

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mesh_path_discard_frame() function in net/mac80211/mesh_pathtbl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Memory leak

EUVDB-ID: #VU94204

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40932

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vidi_get_modes() function in drivers/gpu/drm/exynos/exynos_drm_vidi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Memory leak

EUVDB-ID: #VU94085

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39490

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the seg6_input_core() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Use-after-free

EUVDB-ID: #VU94232

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39495

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gb_interface_release() function in drivers/greybus/interface.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) NULL pointer dereference

EUVDB-ID: #VU94246

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40959

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) NULL pointer dereference

EUVDB-ID: #VU94259

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39505

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the komeda_component_get_avail_scaler() function in drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Input validation error

EUVDB-ID: #VU93172

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-34777

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the map_benchmark_ioctl() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Out-of-bounds read

EUVDB-ID: #VU93326

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39471

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Improper locking

EUVDB-ID: #VU93035

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52884

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cyapa_suspend() and cyapa_resume() functions in drivers/input/mouse/cyapa.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) NULL pointer dereference

EUVDB-ID: #VU94239

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Use-after-free

EUVDB-ID: #VU94214

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40913

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_req_put(), cachefiles_ondemand_restore(), cachefiles_ondemand_get_fd() and cachefiles_ondemand_daemon_read() functions in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Input validation error

EUVDB-ID: #VU92371

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38618

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Out-of-bounds read

EUVDB-ID: #VU93024

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37356

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) NULL pointer dereference

EUVDB-ID: #VU94252

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40928

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ethtool_get_phy_stats_ethtool() function in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Out-of-bounds read

EUVDB-ID: #VU94952

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42148

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Improper error handling

EUVDB-ID: #VU93336

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39469

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Buffer overflow

EUVDB-ID: #VU93236

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38623

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the fs/ntfs3/ntfs.h. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) NULL pointer dereference

EUVDB-ID: #VU94242

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40964

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cs35l41_hda_unbind() function in sound/pci/hda/cs35l41_hda.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Improper locking

EUVDB-ID: #VU93034

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38780

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Resource management error

EUVDB-ID: #VU94300

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40970

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the axi_desc_alloc(), axi_desc_get() and axi_chan_block_xfer_complete() functions in drivers/dma/dw-axi-dmac/dw-axi-dmac-platform.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) NULL pointer dereference

EUVDB-ID: #VU93030

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36489

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Out-of-bounds read

EUVDB-ID: #VU92332

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36978

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Input validation error

EUVDB-ID: #VU94323

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40971

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the default_options() function in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Out-of-bounds read

EUVDB-ID: #VU94234

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40929

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Memory leak

EUVDB-ID: #VU93016

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-31076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Input validation error

EUVDB-ID: #VU94286

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40948

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the page_table_check_clear(), page_table_check_set() and __page_table_check_zero() functions in mm/page_table_check.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Memory leak

EUVDB-ID: #VU94210

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40997

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the amd_pstate_epp_cpu_exit() function in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) NULL pointer dereference

EUVDB-ID: #VU93329

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39371

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the io_ring_buffer_select() function in io_uring/kbuf.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Double free

EUVDB-ID: #VU92208

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36973

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the gp_aux_bus_probe(), auxiliary_device_uninit() and kfree() functions in drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Out-of-bounds read

EUVDB-ID: #VU94236

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40953

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kvm_vcpu_on_spin() function in virt/kvm/kvm_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Improper locking

EUVDB-ID: #VU94264

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41005

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netpoll_owner_active() function in net/core/netpoll.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Improper locking

EUVDB-ID: #VU94276

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40965

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lpi2c_imx_config() and lpi2c_imx_probe() functions in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Use-after-free

EUVDB-ID: #VU93322

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39463

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the v9fs_cached_dentry_delete() function in fs/9p/vfs_dentry.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Use-after-free

EUVDB-ID: #VU94229

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39508

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the WORKER_IDLE_TIMEOUT(), io_work_get_acct(), io_worker_exit(), io_wq_dec_running(), __io_worker_busy(), io_wq_worker(), io_wq_worker_running(), io_wq_worker_sleeping(), io_init_new_worker(), init_completion() and io_wq_work_match_item() functions in io_uring/io-wq.c. A local user can escalate privileges on the system.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Improper locking

EUVDB-ID: #VU93342

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37078

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Resource management error

EUVDB-ID: #VU94310

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39509

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the implement() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) NULL pointer dereference

EUVDB-ID: #VU93031

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38390

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the a6xx_gpu_init() function in drivers/gpu/drm/msm/adreno/a6xx_gpu.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Out-of-bounds read

EUVDB-ID: #VU93080

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38659

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Improper locking

EUVDB-ID: #VU94284

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39507

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hclge_push_link_status(), hclge_update_link_status(), hclge_uninit_need_wait() and hclge_uninit_client_instance() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Unchecked Return Value

EUVDB-ID: #VU89896

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36015

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) NULL pointer dereference

EUVDB-ID: #VU94253

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40921

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the br_mst_get_state(), br_mst_set_state() and br_mst_vlan_sync_state() functions in net/bridge/br_mst.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Improper locking

EUVDB-ID: #VU94283

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40904

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Buffer overflow

EUVDB-ID: #VU94315

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40941

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) NULL pointer dereference

EUVDB-ID: #VU94247

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-40957

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the input_action_end_dx6() and input_action_end_dx4() functions in net/ipv6/seg6_local.c. A local user can perform a denial of service (DoS) attack.

Update the affected package linux-nvidia-6.8 to the latest version.

Ubuntu: 22.04

linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia-64k (Ubuntu package): before 6.8.0-1013.14~22.04.1

linux-image-6.8.0-1013-nvidia (Ubuntu package): before 6.8.0-1013.14~22.04.1

http://ubuntu.com/security/notices/USN-7005-2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Use of uninitialized resource

EUVDB-ID: #VU93082

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.