Ubuntu update for linux
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2024-26651 CVE-2024-38583 CVE-2023-52527 CVE-2024-26880 CVE-2022-48850 CVE-2024-26733 CVE-2021-47188 CVE-2024-42154 CVE-2023-52809 CVE-2024-42228 CVE-2022-48863 CVE-2022-48836 CVE-2022-48838 CVE-2024-26677 CVE-2024-27437 CVE-2022-48857 CVE-2022-48791 CVE-2021-47181 CVE-2024-26851 CVE-2024-40902 CVE-2022-48851 CVE-2024-38570 |
| CWE-ID | CWE-252 CWE-416 CWE-119 CWE-399 CWE-476 CWE-20 CWE-908 CWE-401 CWE-667 CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-4.4.0-1136-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-lts-wily (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-lts-vivid (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-lts-utopic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-lts-wily (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-lts-vivid (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-lts-utopic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lts-wily (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lts-vivid (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lts-utopic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-259-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-259-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-1174-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-4.4.0-1137-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic-lts-xenial (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-lowlatency (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-kvm (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-generic (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-aws (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-virtual (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Unchecked Return Value
EUVDB-ID: #VU87902
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26651
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.
Update the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU92311
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38583
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU93245
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52527
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU92988
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU94437
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48850
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the speed_show() function in net/core/net-sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Resource management error
EUVDB-ID: #VU93843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47188
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ufshcd_abort() function in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU95093
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU90419
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52809
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fc_lport_ptp_setup() function in drivers/scsi/libfc/fc_lport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of uninitialized resource
EUVDB-ID: #VU95029
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42228
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU94393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48863
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dsp_pipeline_destroy() and dsp_pipeline_build() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper locking
EUVDB-ID: #VU94447
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48836
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aiptek_probe() function in drivers/input/tablet/aiptek.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU94415
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48838
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the usb_gadget_remove_driver(), udc_bind_to_driver() and dev_err() functions in drivers/usb/gadget/udc/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU94139
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rxrpc_propose_delay_ACK(), rxrpc_send_initial_ping() and rxrpc_input_call_event() functions in net/rxrpc/call_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource management error
EUVDB-ID: #VU93202
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27437
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU94412
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48857
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_digital_free_device() function in drivers/nfc/port100.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU94421
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) NULL pointer dereference
EUVDB-ID: #VU92071
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47181
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tusb_musb_init() function in drivers/usb/musb/tusb6010.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU91096
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Buffer overflow
EUVDB-ID: #VU94296
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU94414
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48851
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx_complete() function in drivers/staging/gdm724x/gdm_lte.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU92309
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38570
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gfs2_gl_hash_clear() function in fs/gfs2/super.c, within the init_sbd() function in fs/gfs2/ops_fstype.c, within the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, within the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux to the latest version.
Vulnerable software versionsUbuntu: 14.04 - 16.04
linux-image-4.4.0-1136-aws (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-lowlatency-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-wily (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-vivid (Ubuntu package): before Ubuntu Pro
linux-image-generic-lts-utopic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-lowlatency (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-259-generic (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1174-aws (Ubuntu package): before Ubuntu Pro
linux-image-4.4.0-1137-kvm (Ubuntu package): before Ubuntu Pro
linux-image-virtual-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic-lts-xenial (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-lowlatency (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-kvm (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-generic (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-aws (Ubuntu package): before Ubuntu Pro (Infra-only)
linux-image-virtual (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:linux-image-4.4.0-1136-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-wily_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-vivid_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-utopic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-259-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1174-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-4.4.0-1137-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic-lts-xenial_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-lowlatency_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-kvm_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-generic_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-aws_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-virtual_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7039-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
