Ubuntu update for linux
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2024-42160 CVE-2024-42159 CVE-2024-42154 CVE-2024-41009 CVE-2024-42228 CVE-2024-42224 |
| CWE-ID | CWE-20 CWE-908 CWE-388 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia-64k-6.8 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia-6.8 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-hwe-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-hwe-24.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-24.04a (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-oem-24.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-nvidia (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-ibm-lts-24.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-ibm-classic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-ibm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gke (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lpae (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-hwe-24.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k-hwe-24.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-45-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-45-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-45-generic-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-45-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1016-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1015-gcp (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1014-nvidia-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1014-nvidia (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1013-oracle-64k (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1013-oracle (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1013-oem (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1013-ibm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-6.8.0-1011-gke (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU94999
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42160
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_build_fault_attr() and parse_options() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-lts-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-classic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1016-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1015-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1011-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU95089
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42159
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mpi3mr_sas_port_add() function in drivers/scsi/mpi3mr/mpi3mr_transport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-lts-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-classic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1016-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1015-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1011-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU95093
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-lts-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-classic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1016-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1015-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1011-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU94508
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41009
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-lts-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-classic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1016-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1015-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1011-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of uninitialized resource
EUVDB-ID: #VU95029
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42228
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-lts-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-classic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1016-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1015-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1011-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper error handling
EUVDB-ID: #VU95012
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
CPE2.3- cpe:2.3:o:canonical:ubuntu:22.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu:24.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-6.8_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency-64k-hwe-22.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04a_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-oem-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-lts-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm-classic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-lpae_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k-hwe-24.04_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-45-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1016-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1015-gcp_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1014-nvidia_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle-64k_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oracle_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-oem_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1013-ibm_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:linux-image-6.8.0-1011-gke_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
