Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU94999
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42160
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_build_fault_attr() and parse_options() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
External linkshttp://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95089
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42159
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mpi3mr_sas_port_add() function in drivers/scsi/mpi3mr/mpi3mr_transport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
External linkshttp://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95093
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
External linkshttp://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94508
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41009
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
External linkshttp://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95029
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42228
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
External linkshttp://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95012
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 22.04 - 24.04
linux-image-nvidia-64k-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-nvidia-6.8 (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-lowlatency-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-virtual-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-virtual (Ubuntu package): before 6.8.0-45.45
linux-image-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1013.13
linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-nvidia-64k (Ubuntu package): before 6.8.0-1014.15
linux-image-nvidia (Ubuntu package): before 6.8.0-1014.15
linux-image-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1
linux-image-lowlatency (Ubuntu package): before 6.8.0-45.45.1
linux-image-kvm (Ubuntu package): before 6.8.0-45.45
linux-image-ibm-lts-24.04 (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm-classic (Ubuntu package): before 6.8.0-1013.13
linux-image-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-gke (Ubuntu package): before 6.8.0-1011.14
linux-image-generic-lpae (Ubuntu package): before 6.8.0-45.45
linux-image-generic-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k-hwe-24.04 (Ubuntu package): before 6.8.0-45.45
linux-image-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-generic (Ubuntu package): before 6.8.0-45.45
linux-image-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-45-lowlatency-64k (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-lowlatency (Ubuntu package): before 6.8.0-45.45.1~22.04.1
linux-image-6.8.0-45-generic-64k (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-45-generic (Ubuntu package): before 6.8.0-45.45
linux-image-6.8.0-1016-aws (Ubuntu package): before 6.8.0-1016.17
linux-image-6.8.0-1015-gcp (Ubuntu package): before 6.8.0-1015.17
linux-image-6.8.0-1014-nvidia-lowlatency-64k (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-lowlatency (Ubuntu package): before 6.8.0-1014.15.1
linux-image-6.8.0-1014-nvidia-64k (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1014-nvidia (Ubuntu package): before 6.8.0-1014.15~22.04.1
linux-image-6.8.0-1013-oracle-64k (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oracle (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-oem (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1013-ibm (Ubuntu package): before 6.8.0-1013.13
linux-image-6.8.0-1011-gke (Ubuntu package): before 6.8.0-1011.14
External linkshttp://ubuntu.com/security/notices/USN-7020-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.