Ubuntu update for linux



Risk Low
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2024-39496
CVE-2024-41009
CVE-2024-26677
CVE-2024-42160
CVE-2024-27012
CVE-2024-42228
CVE-2024-39494
CVE-2024-38570
CWE-ID CWE-416
CWE-20
CWE-401
CWE-908
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Ubuntu
Operating systems & Components / Operating system

linux-image-raspi (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-20.04c (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-20.04b (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-20.04d (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gkeop (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-64k-hwe-20.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure-cvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-virtual (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-raspi-nolpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oracle-lts-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-nvidia-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-nvidia (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-ibm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gkeop-5.15 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gke-5.15 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gke (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic-64k (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-gcp-lts-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-azure-lts-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-aws-lts-22.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-122-generic-lpae (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-122-generic-64k (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-122-generic (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1073-azure (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1070-aws (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1069-gcp (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1068-oracle (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1067-kvm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1067-gke (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1065-nvidia-lowlatency (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1065-nvidia (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1065-intel-iotg (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1063-raspi (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1063-ibm (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-5.15.0-1053-gkeop (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-intel (Ubuntu package)
Other

linux-image-intel-iotg (Ubuntu package)
Other
Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU94231

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39496

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_load_zone_info() function in fs/btrfs/zoned.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-raspi (Ubuntu package): before 5.15.0.1063.61

linux-image-oem-20.04c (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04b (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04d (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gkeop (Ubuntu package): before 5.15.0.1053.52

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1065.71~20.04.1

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gcp (Ubuntu package): before 5.15.0.1069.77~20.04.1

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-aws (Ubuntu package): before 5.15.0.1070.76~20.04.1

linux-image-virtual (Ubuntu package): before 5.15.0.122.122

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1063.61

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1068.64

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1065.65

linux-image-nvidia (Ubuntu package): before 5.15.0.1065.65

linux-image-kvm (Ubuntu package): before 5.15.0.1067.63

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1065.65

linux-image-ibm (Ubuntu package): before 5.15.0.1063.59

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1053.52

linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1067.66

linux-image-gke (Ubuntu package): before 5.15.0.1067.66

linux-image-generic-lpae (Ubuntu package): before 5.15.0.122.122

linux-image-generic-64k (Ubuntu package): before 5.15.0.122.122

linux-image-generic (Ubuntu package): before 5.15.0.122.122

linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1069.65

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1073.71

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1070.70

linux-image-5.15.0-122-generic-lpae (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic-64k (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-1073-azure (Ubuntu package): before 5.15.0-1073.82~20.04.1

linux-image-5.15.0-1070-aws (Ubuntu package): before 5.15.0-1070.76~20.04.1

linux-image-5.15.0-1069-gcp (Ubuntu package): before 5.15.0-1069.77~20.04.1

linux-image-5.15.0-1068-oracle (Ubuntu package): before 5.15.0-1068.74

linux-image-5.15.0-1067-kvm (Ubuntu package): before 5.15.0-1067.72

linux-image-5.15.0-1067-gke (Ubuntu package): before 5.15.0-1067.73

linux-image-5.15.0-1065-nvidia-lowlatency (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-nvidia (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-intel-iotg (Ubuntu package): before 5.15.0-1065.71~20.04.1

linux-image-5.15.0-1063-raspi (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1063-ibm (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1053-gkeop (Ubuntu package): before 5.15.0-1053.60~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7021-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU94508

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41009

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-raspi (Ubuntu package): before 5.15.0.1063.61

linux-image-oem-20.04c (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04b (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04d (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gkeop (Ubuntu package): before 5.15.0.1053.52

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1065.71~20.04.1

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gcp (Ubuntu package): before 5.15.0.1069.77~20.04.1

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-aws (Ubuntu package): before 5.15.0.1070.76~20.04.1

linux-image-virtual (Ubuntu package): before 5.15.0.122.122

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1063.61

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1068.64

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1065.65

linux-image-nvidia (Ubuntu package): before 5.15.0.1065.65

linux-image-kvm (Ubuntu package): before 5.15.0.1067.63

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1065.65

linux-image-ibm (Ubuntu package): before 5.15.0.1063.59

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1053.52

linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1067.66

linux-image-gke (Ubuntu package): before 5.15.0.1067.66

linux-image-generic-lpae (Ubuntu package): before 5.15.0.122.122

linux-image-generic-64k (Ubuntu package): before 5.15.0.122.122

linux-image-generic (Ubuntu package): before 5.15.0.122.122

linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1069.65

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1073.71

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1070.70

linux-image-5.15.0-122-generic-lpae (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic-64k (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-1073-azure (Ubuntu package): before 5.15.0-1073.82~20.04.1

linux-image-5.15.0-1070-aws (Ubuntu package): before 5.15.0-1070.76~20.04.1

linux-image-5.15.0-1069-gcp (Ubuntu package): before 5.15.0-1069.77~20.04.1

linux-image-5.15.0-1068-oracle (Ubuntu package): before 5.15.0-1068.74

linux-image-5.15.0-1067-kvm (Ubuntu package): before 5.15.0-1067.72

linux-image-5.15.0-1067-gke (Ubuntu package): before 5.15.0-1067.73

linux-image-5.15.0-1065-nvidia-lowlatency (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-nvidia (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-intel-iotg (Ubuntu package): before 5.15.0-1065.71~20.04.1

linux-image-5.15.0-1063-raspi (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1063-ibm (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1053-gkeop (Ubuntu package): before 5.15.0-1053.60~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7021-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU94139

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26677

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rxrpc_propose_delay_ACK(), rxrpc_send_initial_ping() and rxrpc_input_call_event() functions in net/rxrpc/call_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-raspi (Ubuntu package): before 5.15.0.1063.61

linux-image-oem-20.04c (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04b (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04d (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gkeop (Ubuntu package): before 5.15.0.1053.52

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1065.71~20.04.1

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gcp (Ubuntu package): before 5.15.0.1069.77~20.04.1

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-aws (Ubuntu package): before 5.15.0.1070.76~20.04.1

linux-image-virtual (Ubuntu package): before 5.15.0.122.122

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1063.61

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1068.64

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1065.65

linux-image-nvidia (Ubuntu package): before 5.15.0.1065.65

linux-image-kvm (Ubuntu package): before 5.15.0.1067.63

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1065.65

linux-image-ibm (Ubuntu package): before 5.15.0.1063.59

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1053.52

linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1067.66

linux-image-gke (Ubuntu package): before 5.15.0.1067.66

linux-image-generic-lpae (Ubuntu package): before 5.15.0.122.122

linux-image-generic-64k (Ubuntu package): before 5.15.0.122.122

linux-image-generic (Ubuntu package): before 5.15.0.122.122

linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1069.65

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1073.71

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1070.70

linux-image-5.15.0-122-generic-lpae (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic-64k (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-1073-azure (Ubuntu package): before 5.15.0-1073.82~20.04.1

linux-image-5.15.0-1070-aws (Ubuntu package): before 5.15.0-1070.76~20.04.1

linux-image-5.15.0-1069-gcp (Ubuntu package): before 5.15.0-1069.77~20.04.1

linux-image-5.15.0-1068-oracle (Ubuntu package): before 5.15.0-1068.74

linux-image-5.15.0-1067-kvm (Ubuntu package): before 5.15.0-1067.72

linux-image-5.15.0-1067-gke (Ubuntu package): before 5.15.0-1067.73

linux-image-5.15.0-1065-nvidia-lowlatency (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-nvidia (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-intel-iotg (Ubuntu package): before 5.15.0-1065.71~20.04.1

linux-image-5.15.0-1063-raspi (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1063-ibm (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1053-gkeop (Ubuntu package): before 5.15.0-1053.60~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7021-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU94999

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42160

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_build_fault_attr() and parse_options() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-raspi (Ubuntu package): before 5.15.0.1063.61

linux-image-oem-20.04c (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04b (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04d (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gkeop (Ubuntu package): before 5.15.0.1053.52

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1065.71~20.04.1

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gcp (Ubuntu package): before 5.15.0.1069.77~20.04.1

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-aws (Ubuntu package): before 5.15.0.1070.76~20.04.1

linux-image-virtual (Ubuntu package): before 5.15.0.122.122

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1063.61

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1068.64

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1065.65

linux-image-nvidia (Ubuntu package): before 5.15.0.1065.65

linux-image-kvm (Ubuntu package): before 5.15.0.1067.63

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1065.65

linux-image-ibm (Ubuntu package): before 5.15.0.1063.59

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1053.52

linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1067.66

linux-image-gke (Ubuntu package): before 5.15.0.1067.66

linux-image-generic-lpae (Ubuntu package): before 5.15.0.122.122

linux-image-generic-64k (Ubuntu package): before 5.15.0.122.122

linux-image-generic (Ubuntu package): before 5.15.0.122.122

linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1069.65

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1073.71

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1070.70

linux-image-5.15.0-122-generic-lpae (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic-64k (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-1073-azure (Ubuntu package): before 5.15.0-1073.82~20.04.1

linux-image-5.15.0-1070-aws (Ubuntu package): before 5.15.0-1070.76~20.04.1

linux-image-5.15.0-1069-gcp (Ubuntu package): before 5.15.0-1069.77~20.04.1

linux-image-5.15.0-1068-oracle (Ubuntu package): before 5.15.0-1068.74

linux-image-5.15.0-1067-kvm (Ubuntu package): before 5.15.0-1067.72

linux-image-5.15.0-1067-gke (Ubuntu package): before 5.15.0-1067.73

linux-image-5.15.0-1065-nvidia-lowlatency (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-nvidia (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-intel-iotg (Ubuntu package): before 5.15.0-1065.71~20.04.1

linux-image-5.15.0-1063-raspi (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1063-ibm (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1053-gkeop (Ubuntu package): before 5.15.0-1053.60~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7021-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU90461

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27012

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_rbtree_activate() and nft_rbtree_walk() functions in net/netfilter/nft_set_rbtree.c, within the nft_pipapo_activate() and nft_pipapo_walk() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_activate(), nft_rhash_walk(), nft_hash_activate() and nft_hash_walk() functions in net/netfilter/nft_set_hash.c, within the nft_bitmap_activate() and nft_bitmap_walk() functions in net/netfilter/nft_set_bitmap.c, within the nft_mapelem_deactivate(), nft_map_catchall_deactivate(), nft_setelem_validate(), nf_tables_bind_check_setelem(), nft_mapelem_activate(), nft_map_catchall_activate(), nf_tables_dump_setelem(), nft_setelem_activate(), nft_setelem_flush() and nf_tables_loop_check_setelem() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-raspi (Ubuntu package): before 5.15.0.1063.61

linux-image-oem-20.04c (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04b (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04d (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gkeop (Ubuntu package): before 5.15.0.1053.52

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1065.71~20.04.1

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gcp (Ubuntu package): before 5.15.0.1069.77~20.04.1

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-aws (Ubuntu package): before 5.15.0.1070.76~20.04.1

linux-image-virtual (Ubuntu package): before 5.15.0.122.122

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1063.61

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1068.64

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1065.65

linux-image-nvidia (Ubuntu package): before 5.15.0.1065.65

linux-image-kvm (Ubuntu package): before 5.15.0.1067.63

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1065.65

linux-image-ibm (Ubuntu package): before 5.15.0.1063.59

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1053.52

linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1067.66

linux-image-gke (Ubuntu package): before 5.15.0.1067.66

linux-image-generic-lpae (Ubuntu package): before 5.15.0.122.122

linux-image-generic-64k (Ubuntu package): before 5.15.0.122.122

linux-image-generic (Ubuntu package): before 5.15.0.122.122

linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1069.65

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1073.71

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1070.70

linux-image-5.15.0-122-generic-lpae (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic-64k (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-1073-azure (Ubuntu package): before 5.15.0-1073.82~20.04.1

linux-image-5.15.0-1070-aws (Ubuntu package): before 5.15.0-1070.76~20.04.1

linux-image-5.15.0-1069-gcp (Ubuntu package): before 5.15.0-1069.77~20.04.1

linux-image-5.15.0-1068-oracle (Ubuntu package): before 5.15.0-1068.74

linux-image-5.15.0-1067-kvm (Ubuntu package): before 5.15.0-1067.72

linux-image-5.15.0-1067-gke (Ubuntu package): before 5.15.0-1067.73

linux-image-5.15.0-1065-nvidia-lowlatency (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-nvidia (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-intel-iotg (Ubuntu package): before 5.15.0-1065.71~20.04.1

linux-image-5.15.0-1063-raspi (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1063-ibm (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1053-gkeop (Ubuntu package): before 5.15.0-1053.60~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7021-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of uninitialized resource

EUVDB-ID: #VU95029

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42228

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-raspi (Ubuntu package): before 5.15.0.1063.61

linux-image-oem-20.04c (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04b (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04d (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gkeop (Ubuntu package): before 5.15.0.1053.52

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1065.71~20.04.1

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gcp (Ubuntu package): before 5.15.0.1069.77~20.04.1

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-aws (Ubuntu package): before 5.15.0.1070.76~20.04.1

linux-image-virtual (Ubuntu package): before 5.15.0.122.122

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1063.61

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1068.64

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1065.65

linux-image-nvidia (Ubuntu package): before 5.15.0.1065.65

linux-image-kvm (Ubuntu package): before 5.15.0.1067.63

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1065.65

linux-image-ibm (Ubuntu package): before 5.15.0.1063.59

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1053.52

linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1067.66

linux-image-gke (Ubuntu package): before 5.15.0.1067.66

linux-image-generic-lpae (Ubuntu package): before 5.15.0.122.122

linux-image-generic-64k (Ubuntu package): before 5.15.0.122.122

linux-image-generic (Ubuntu package): before 5.15.0.122.122

linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1069.65

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1073.71

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1070.70

linux-image-5.15.0-122-generic-lpae (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic-64k (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-1073-azure (Ubuntu package): before 5.15.0-1073.82~20.04.1

linux-image-5.15.0-1070-aws (Ubuntu package): before 5.15.0-1070.76~20.04.1

linux-image-5.15.0-1069-gcp (Ubuntu package): before 5.15.0-1069.77~20.04.1

linux-image-5.15.0-1068-oracle (Ubuntu package): before 5.15.0-1068.74

linux-image-5.15.0-1067-kvm (Ubuntu package): before 5.15.0-1067.72

linux-image-5.15.0-1067-gke (Ubuntu package): before 5.15.0-1067.73

linux-image-5.15.0-1065-nvidia-lowlatency (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-nvidia (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-intel-iotg (Ubuntu package): before 5.15.0-1065.71~20.04.1

linux-image-5.15.0-1063-raspi (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1063-ibm (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1053-gkeop (Ubuntu package): before 5.15.0-1053.60~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7021-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU94223

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39494

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-raspi (Ubuntu package): before 5.15.0.1063.61

linux-image-oem-20.04c (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04b (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04d (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gkeop (Ubuntu package): before 5.15.0.1053.52

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1065.71~20.04.1

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gcp (Ubuntu package): before 5.15.0.1069.77~20.04.1

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-aws (Ubuntu package): before 5.15.0.1070.76~20.04.1

linux-image-virtual (Ubuntu package): before 5.15.0.122.122

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1063.61

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1068.64

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1065.65

linux-image-nvidia (Ubuntu package): before 5.15.0.1065.65

linux-image-kvm (Ubuntu package): before 5.15.0.1067.63

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1065.65

linux-image-ibm (Ubuntu package): before 5.15.0.1063.59

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1053.52

linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1067.66

linux-image-gke (Ubuntu package): before 5.15.0.1067.66

linux-image-generic-lpae (Ubuntu package): before 5.15.0.122.122

linux-image-generic-64k (Ubuntu package): before 5.15.0.122.122

linux-image-generic (Ubuntu package): before 5.15.0.122.122

linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1069.65

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1073.71

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1070.70

linux-image-5.15.0-122-generic-lpae (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic-64k (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-1073-azure (Ubuntu package): before 5.15.0-1073.82~20.04.1

linux-image-5.15.0-1070-aws (Ubuntu package): before 5.15.0-1070.76~20.04.1

linux-image-5.15.0-1069-gcp (Ubuntu package): before 5.15.0-1069.77~20.04.1

linux-image-5.15.0-1068-oracle (Ubuntu package): before 5.15.0-1068.74

linux-image-5.15.0-1067-kvm (Ubuntu package): before 5.15.0-1067.72

linux-image-5.15.0-1067-gke (Ubuntu package): before 5.15.0-1067.73

linux-image-5.15.0-1065-nvidia-lowlatency (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-nvidia (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-intel-iotg (Ubuntu package): before 5.15.0-1065.71~20.04.1

linux-image-5.15.0-1063-raspi (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1063-ibm (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1053-gkeop (Ubuntu package): before 5.15.0-1053.60~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7021-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU92309

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38570

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gfs2_gl_hash_clear() function in fs/gfs2/super.c, within the init_sbd() function in fs/gfs2/ops_fstype.c, within the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, within the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 22.04

linux-image-raspi (Ubuntu package): before 5.15.0.1063.61

linux-image-oem-20.04c (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04b (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04d (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gkeop (Ubuntu package): before 5.15.0.1053.52

linux-image-virtual-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-oem-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-intel (Ubuntu package): before 5.15.0.1065.71~20.04.1

linux-image-generic-lpae-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-generic-64k-hwe-20.04 (Ubuntu package): before 5.15.0.122.132~20.04.1

linux-image-gcp (Ubuntu package): before 5.15.0.1069.77~20.04.1

linux-image-azure-cvm (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-azure (Ubuntu package): before 5.15.0.1073.82~20.04.1

linux-image-aws (Ubuntu package): before 5.15.0.1070.76~20.04.1

linux-image-virtual (Ubuntu package): before 5.15.0.122.122

linux-image-raspi-nolpae (Ubuntu package): before 5.15.0.1063.61

linux-image-oracle-lts-22.04 (Ubuntu package): before 5.15.0.1068.64

linux-image-nvidia-lowlatency (Ubuntu package): before 5.15.0.1065.65

linux-image-nvidia (Ubuntu package): before 5.15.0.1065.65

linux-image-kvm (Ubuntu package): before 5.15.0.1067.63

linux-image-intel-iotg (Ubuntu package): before 5.15.0.1065.65

linux-image-ibm (Ubuntu package): before 5.15.0.1063.59

linux-image-gkeop-5.15 (Ubuntu package): before 5.15.0.1053.52

linux-image-gke-5.15 (Ubuntu package): before 5.15.0.1067.66

linux-image-gke (Ubuntu package): before 5.15.0.1067.66

linux-image-generic-lpae (Ubuntu package): before 5.15.0.122.122

linux-image-generic-64k (Ubuntu package): before 5.15.0.122.122

linux-image-generic (Ubuntu package): before 5.15.0.122.122

linux-image-gcp-lts-22.04 (Ubuntu package): before 5.15.0.1069.65

linux-image-azure-lts-22.04 (Ubuntu package): before 5.15.0.1073.71

linux-image-aws-lts-22.04 (Ubuntu package): before 5.15.0.1070.70

linux-image-5.15.0-122-generic-lpae (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic-64k (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-122-generic (Ubuntu package): before 5.15.0-122.132~20.04.1

linux-image-5.15.0-1073-azure (Ubuntu package): before 5.15.0-1073.82~20.04.1

linux-image-5.15.0-1070-aws (Ubuntu package): before 5.15.0-1070.76~20.04.1

linux-image-5.15.0-1069-gcp (Ubuntu package): before 5.15.0-1069.77~20.04.1

linux-image-5.15.0-1068-oracle (Ubuntu package): before 5.15.0-1068.74

linux-image-5.15.0-1067-kvm (Ubuntu package): before 5.15.0-1067.72

linux-image-5.15.0-1067-gke (Ubuntu package): before 5.15.0-1067.73

linux-image-5.15.0-1065-nvidia-lowlatency (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-nvidia (Ubuntu package): before 5.15.0-1065.66

linux-image-5.15.0-1065-intel-iotg (Ubuntu package): before 5.15.0-1065.71~20.04.1

linux-image-5.15.0-1063-raspi (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1063-ibm (Ubuntu package): before 5.15.0-1063.66

linux-image-5.15.0-1053-gkeop (Ubuntu package): before 5.15.0-1053.60~20.04.1

CPE2.3 External links

https://ubuntu.com/security/notices/USN-7021-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###