Ubuntu update for linux



Published: 2024-09-18
Risk: Low
Patch available: YES
Number of vulnerabilities: 10
CVE-ID: CVE-2021-47188, CVE-2024-27012, CVE-2024-42228, CVE-2022-48791, CVE-2024-39494, CVE-2022-48863, CVE-2024-26787, CVE-2024-42160, CVE-2024-38570, CVE-2024-26677
CWE-ID: CWE-399, CWE-401, CWE-908, CWE-416, CWE-200, CWE-20
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

Ubuntu packages (Operating systems & Components / Operating system package or component):

linux-image-xilinx-zynqmp
linux-image-virtual
linux-image-oracle-lts-20.04
linux-image-oem-osp1
linux-image-oem
linux-image-lowlatency
linux-image-kvm
linux-image-ibm-lts-20.04
linux-image-gkeop-5.4
linux-image-gkeop
linux-image-generic-lpae
linux-image-generic
linux-image-gcp-lts-20.04
linux-image-bluefield
linux-image-azure-lts-20.04
linux-image-aws-lts-20.04
linux-image-5.4.0-196-lowlatency
linux-image-5.4.0-196-generic-lpae
linux-image-5.4.0-196-generic
linux-image-5.4.0-1138-azure
linux-image-5.4.0-1137-gcp
linux-image-5.4.0-1133-aws
linux-image-5.4.0-1132-oracle
linux-image-5.4.0-1121-kvm
linux-image-5.4.0-1100-gkeop
linux-image-5.4.0-1093-bluefield
linux-image-5.4.0-1080-ibm
linux-image-5.4.0-1052-xilinx-zynqmp
linux-image-lowlatency-hwe-18.04
linux-image-virtual-hwe-18.04
linux-image-snapdragon-hwe-18.04
linux-image-generic-hwe-18.04
linux-image-ibm
linux-image-aws
linux-image-gcp
linux-image-azure
linux-image-oracle

Vendor: Canonical Ltd.

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU93843

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47188

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ufshcd_abort() function in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1052.52

linux-image-virtual (Ubuntu package): before 5.4.0.196.194

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1132.125

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.196.194

linux-image-kvm (Ubuntu package): before 5.4.0.1121.117

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1080.109

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1100.98

linux-image-gkeop (Ubuntu package): before 5.4.0.1100.98

linux-image-generic-lpae (Ubuntu package): before 5.4.0.196.194

linux-image-generic (Ubuntu package): before 5.4.0.196.194

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1137.139

linux-image-bluefield (Ubuntu package): before 5.4.0.1093.89

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1138.132

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1133.130

linux-image-5.4.0-196-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-196-generic-lpae (Ubuntu package): before 5.4.0-196.216

linux-image-5.4.0-196-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1138-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1137-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1133-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1132-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1121-kvm (Ubuntu package): before 5.4.0-1121.129

linux-image-5.4.0-1100-gkeop (Ubuntu package): before 5.4.0-1100.104

linux-image-5.4.0-1093-bluefield (Ubuntu package): before 5.4.0-1093.100

linux-image-5.4.0-1080-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1052-xilinx-zynqmp (Ubuntu package): before 5.4.0-1052.56

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-7022-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU90461

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27012

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the nft_rbtree_activate() and nft_rbtree_walk() functions in net/netfilter/nft_set_rbtree.c, within the nft_pipapo_activate() and nft_pipapo_walk() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_activate(), nft_rhash_walk(), nft_hash_activate() and nft_hash_walk() functions in net/netfilter/nft_set_hash.c, within the nft_bitmap_activate() and nft_bitmap_walk() functions in net/netfilter/nft_set_bitmap.c, and within the nft_mapelem_deactivate(), nft_map_catchall_deactivate(), nft_setelem_validate(), nf_tables_bind_check_setelem(), nft_mapelem_activate(), nft_map_catchall_activate(), nf_tables_dump_setelem(), nft_setelem_activate(), nft_setelem_flush() and nf_tables_loop_check_setelem() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1052.52

linux-image-virtual (Ubuntu package): before 5.4.0.196.194

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1132.125

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.196.194

linux-image-kvm (Ubuntu package): before 5.4.0.1121.117

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1080.109

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1100.98

linux-image-gkeop (Ubuntu package): before 5.4.0.1100.98

linux-image-generic-lpae (Ubuntu package): before 5.4.0.196.194

linux-image-generic (Ubuntu package): before 5.4.0.196.194

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1137.139

linux-image-bluefield (Ubuntu package): before 5.4.0.1093.89

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1138.132

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1133.130

linux-image-5.4.0-196-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-196-generic-lpae (Ubuntu package): before 5.4.0-196.216

linux-image-5.4.0-196-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1138-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1137-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1133-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1132-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1121-kvm (Ubuntu package): before 5.4.0-1121.129

linux-image-5.4.0-1100-gkeop (Ubuntu package): before 5.4.0-1100.104

linux-image-5.4.0-1093-bluefield (Ubuntu package): before 5.4.0-1093.100

linux-image-5.4.0-1080-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1052-xilinx-zynqmp (Ubuntu package): before 5.4.0-1052.56

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-7022-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of uninitialized resource

EUVDB-ID: #VU95029

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42228

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1052.52

linux-image-virtual (Ubuntu package): before 5.4.0.196.194

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1132.125

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.196.194

linux-image-kvm (Ubuntu package): before 5.4.0.1121.117

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1080.109

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1100.98

linux-image-gkeop (Ubuntu package): before 5.4.0.1100.98

linux-image-generic-lpae (Ubuntu package): before 5.4.0.196.194

linux-image-generic (Ubuntu package): before 5.4.0.196.194

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1137.139

linux-image-bluefield (Ubuntu package): before 5.4.0.1093.89

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1138.132

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1133.130

linux-image-5.4.0-196-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-196-generic-lpae (Ubuntu package): before 5.4.0-196.216

linux-image-5.4.0-196-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1138-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1137-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1133-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1132-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1121-kvm (Ubuntu package): before 5.4.0-1121.129

linux-image-5.4.0-1100-gkeop (Ubuntu package): before 5.4.0-1100.104

linux-image-5.4.0-1093-bluefield (Ubuntu package): before 5.4.0-1093.100

linux-image-5.4.0-1080-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1052-xilinx-zynqmp (Ubuntu package): before 5.4.0-1052.56

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-7022-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU94421

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48791

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1052.52

linux-image-virtual (Ubuntu package): before 5.4.0.196.194

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1132.125

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.196.194

linux-image-kvm (Ubuntu package): before 5.4.0.1121.117

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1080.109

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1100.98

linux-image-gkeop (Ubuntu package): before 5.4.0.1100.98

linux-image-generic-lpae (Ubuntu package): before 5.4.0.196.194

linux-image-generic (Ubuntu package): before 5.4.0.196.194

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1137.139

linux-image-bluefield (Ubuntu package): before 5.4.0.1093.89

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1138.132

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1133.130

linux-image-5.4.0-196-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-196-generic-lpae (Ubuntu package): before 5.4.0-196.216

linux-image-5.4.0-196-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1138-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1137-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1133-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1132-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1121-kvm (Ubuntu package): before 5.4.0-1121.129

linux-image-5.4.0-1100-gkeop (Ubuntu package): before 5.4.0-1100.104

linux-image-5.4.0-1093-bluefield (Ubuntu package): before 5.4.0-1093.100

linux-image-5.4.0-1080-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1052-xilinx-zynqmp (Ubuntu package): before 5.4.0-1052.56

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-7022-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU94223

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39494

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ima_eventname_init_common() function in security/integrity/ima/ima_template_lib.c, and within the ima_collect_measurement() and ima_d_path() functions in security/integrity/ima/ima_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1052.52

linux-image-virtual (Ubuntu package): before 5.4.0.196.194

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1132.125

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.196.194

linux-image-kvm (Ubuntu package): before 5.4.0.1121.117

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1080.109

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1100.98

linux-image-gkeop (Ubuntu package): before 5.4.0.1100.98

linux-image-generic-lpae (Ubuntu package): before 5.4.0.196.194

linux-image-generic (Ubuntu package): before 5.4.0.196.194

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1137.139

linux-image-bluefield (Ubuntu package): before 5.4.0.1093.89

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1138.132

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1133.130

linux-image-5.4.0-196-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-196-generic-lpae (Ubuntu package): before 5.4.0-196.216

linux-image-5.4.0-196-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1138-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1137-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1133-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1132-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1121-kvm (Ubuntu package): before 5.4.0-1121.129

linux-image-5.4.0-1100-gkeop (Ubuntu package): before 5.4.0-1100.104

linux-image-5.4.0-1093-bluefield (Ubuntu package): before 5.4.0-1093.100

linux-image-5.4.0-1080-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1052-xilinx-zynqmp (Ubuntu package): before 5.4.0-1052.56

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-7022-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory leak

EUVDB-ID: #VU94393

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48863

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the dsp_pipeline_destroy() and dsp_pipeline_build() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1052.52

linux-image-virtual (Ubuntu package): before 5.4.0.196.194

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1132.125

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.196.194

linux-image-kvm (Ubuntu package): before 5.4.0.1121.117

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1080.109

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1100.98

linux-image-gkeop (Ubuntu package): before 5.4.0.1100.98

linux-image-generic-lpae (Ubuntu package): before 5.4.0.196.194

linux-image-generic (Ubuntu package): before 5.4.0.196.194

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1137.139

linux-image-bluefield (Ubuntu package): before 5.4.0.1093.89

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1138.132

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1133.130

linux-image-5.4.0-196-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-196-generic-lpae (Ubuntu package): before 5.4.0-196.216

linux-image-5.4.0-196-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1138-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1137-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1133-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1132-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1121-kvm (Ubuntu package): before 5.4.0-1121.129

linux-image-5.4.0-1100-gkeop (Ubuntu package): before 5.4.0-1100.104

linux-image-5.4.0-1093-bluefield (Ubuntu package): before 5.4.0-1093.100

linux-image-5.4.0-1080-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1052-xilinx-zynqmp (Ubuntu package): before 5.4.0-1052.56

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-7022-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU89239

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26787

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output within the sdmmc_idma_start() function in drivers/mmc/host/mmci_stm32_sdmmc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1052.52

linux-image-virtual (Ubuntu package): before 5.4.0.196.194

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1132.125

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.196.194

linux-image-kvm (Ubuntu package): before 5.4.0.1121.117

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1080.109

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1100.98

linux-image-gkeop (Ubuntu package): before 5.4.0.1100.98

linux-image-generic-lpae (Ubuntu package): before 5.4.0.196.194

linux-image-generic (Ubuntu package): before 5.4.0.196.194

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1137.139

linux-image-bluefield (Ubuntu package): before 5.4.0.1093.89

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1138.132

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1133.130

linux-image-5.4.0-196-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-196-generic-lpae (Ubuntu package): before 5.4.0-196.216

linux-image-5.4.0-196-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1138-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1137-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1133-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1132-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1121-kvm (Ubuntu package): before 5.4.0-1121.129

linux-image-5.4.0-1100-gkeop (Ubuntu package): before 5.4.0-1100.104

linux-image-5.4.0-1093-bluefield (Ubuntu package): before 5.4.0-1093.100

linux-image-5.4.0-1080-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1052-xilinx-zynqmp (Ubuntu package): before 5.4.0-1052.56

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-7022-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU94999

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42160

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_build_fault_attr() and parse_options() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1052.52

linux-image-virtual (Ubuntu package): before 5.4.0.196.194

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1132.125

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.196.194

linux-image-kvm (Ubuntu package): before 5.4.0.1121.117

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1080.109

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1100.98

linux-image-gkeop (Ubuntu package): before 5.4.0.1100.98

linux-image-generic-lpae (Ubuntu package): before 5.4.0.196.194

linux-image-generic (Ubuntu package): before 5.4.0.196.194

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1137.139

linux-image-bluefield (Ubuntu package): before 5.4.0.1093.89

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1138.132

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1133.130

linux-image-5.4.0-196-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-196-generic-lpae (Ubuntu package): before 5.4.0-196.216

linux-image-5.4.0-196-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1138-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1137-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1133-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1132-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1121-kvm (Ubuntu package): before 5.4.0-1121.129

linux-image-5.4.0-1100-gkeop (Ubuntu package): before 5.4.0-1100.104

linux-image-5.4.0-1093-bluefield (Ubuntu package): before 5.4.0-1093.100

linux-image-5.4.0-1080-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1052-xilinx-zynqmp (Ubuntu package): before 5.4.0-1052.56

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-7022-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU92309

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38570

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the gfs2_gl_hash_clear() function in fs/gfs2/super.c, the init_sbd() function in fs/gfs2/ops_fstype.c, the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, and the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1052.52

linux-image-virtual (Ubuntu package): before 5.4.0.196.194

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1132.125

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.196.194

linux-image-kvm (Ubuntu package): before 5.4.0.1121.117

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1080.109

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1100.98

linux-image-gkeop (Ubuntu package): before 5.4.0.1100.98

linux-image-generic-lpae (Ubuntu package): before 5.4.0.196.194

linux-image-generic (Ubuntu package): before 5.4.0.196.194

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1137.139

linux-image-bluefield (Ubuntu package): before 5.4.0.1093.89

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1138.132

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1133.130

linux-image-5.4.0-196-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-196-generic-lpae (Ubuntu package): before 5.4.0-196.216

linux-image-5.4.0-196-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1138-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1137-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1133-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1132-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1121-kvm (Ubuntu package): before 5.4.0-1121.129

linux-image-5.4.0-1100-gkeop (Ubuntu package): before 5.4.0-1100.104

linux-image-5.4.0-1093-bluefield (Ubuntu package): before 5.4.0-1093.100

linux-image-5.4.0-1080-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1052-xilinx-zynqmp (Ubuntu package): before 5.4.0-1052.56

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-7022-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU94139

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26677

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rxrpc_propose_delay_ACK(), rxrpc_send_initial_ping() and rxrpc_input_call_event() functions in net/rxrpc/call_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 18.04 - 20.04

linux-image-xilinx-zynqmp (Ubuntu package): before 5.4.0.1052.52

linux-image-virtual (Ubuntu package): before 5.4.0.196.194

linux-image-oracle-lts-20.04 (Ubuntu package): before 5.4.0.1132.125

linux-image-oem-osp1 (Ubuntu package): before Ubuntu Pro

linux-image-oem (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-lowlatency (Ubuntu package): before 5.4.0.196.194

linux-image-kvm (Ubuntu package): before 5.4.0.1121.117

linux-image-ibm-lts-20.04 (Ubuntu package): before 5.4.0.1080.109

linux-image-gkeop-5.4 (Ubuntu package): before 5.4.0.1100.98

linux-image-gkeop (Ubuntu package): before 5.4.0.1100.98

linux-image-generic-lpae (Ubuntu package): before 5.4.0.196.194

linux-image-generic (Ubuntu package): before 5.4.0.196.194

linux-image-gcp-lts-20.04 (Ubuntu package): before 5.4.0.1137.139

linux-image-bluefield (Ubuntu package): before 5.4.0.1093.89

linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1138.132

linux-image-aws-lts-20.04 (Ubuntu package): before 5.4.0.1133.130

linux-image-5.4.0-196-lowlatency (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-196-generic-lpae (Ubuntu package): before 5.4.0-196.216

linux-image-5.4.0-196-generic (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1138-azure (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1137-gcp (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1133-aws (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1132-oracle (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1121-kvm (Ubuntu package): before 5.4.0-1121.129

linux-image-5.4.0-1100-gkeop (Ubuntu package): before 5.4.0-1100.104

linux-image-5.4.0-1093-bluefield (Ubuntu package): before 5.4.0-1093.100

linux-image-5.4.0-1080-ibm (Ubuntu package): before Ubuntu Pro

linux-image-5.4.0-1052-xilinx-zynqmp (Ubuntu package): before 5.4.0-1052.56

linux-image-lowlatency-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-virtual-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-snapdragon-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-generic-hwe-18.04 (Ubuntu package): before Ubuntu Pro

linux-image-ibm (Ubuntu package): before Ubuntu Pro

linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-gcp (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)

linux-image-oracle (Ubuntu package): before Ubuntu Pro (Infra-only)

External links

http://ubuntu.com/security/notices/USN-7022-1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


