Ubuntu update for linux-azure
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2024-42154 CVE-2023-52527 CVE-2024-26733 CVE-2024-42160 CVE-2021-47188 CVE-2024-38570 CVE-2024-26851 CVE-2024-26984 CVE-2024-26677 CVE-2024-39480 CVE-2024-27398 CVE-2022-48791 CVE-2024-42224 CVE-2024-38583 CVE-2024-40902 CVE-2023-52809 CVE-2024-39495 CVE-2024-26651 CVE-2024-26880 CVE-2024-42228 CVE-2024-27437 CVE-2022-48863 |
| CWE-ID | CWE-20 CWE-119 CWE-399 CWE-416 CWE-125 CWE-476 CWE-388 CWE-252 CWE-908 CWE-401 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system linux-image-4.15.0-1181-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-azure (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU95093
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42154
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sizeof() function in net/ipv4/tcp_metrics.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU93245
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52527
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU94999
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42160
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the f2fs_build_fault_attr() and parse_options() functions in fs/f2fs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU93843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47188
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ufshcd_abort() function in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU92309
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38570
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gfs2_gl_hash_clear() function in fs/gfs2/super.c, within the init_sbd() function in fs/gfs2/ops_fstype.c, within the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, within the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU91096
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26851
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU90557
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv50_instobj_acquire() function in drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Input validation error
EUVDB-ID: #VU94139
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26677
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rxrpc_propose_delay_ACK(), rxrpc_send_initial_ping() and rxrpc_input_call_event() functions in net/rxrpc/call_event.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU93827
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39480
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kdb_printf() function in kernel/debug/kdb/kdb_io.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU89672
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27398
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU94421
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pm8001_exec_internal_tmf_task() function in drivers/scsi/pm8001/pm8001_sas.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper error handling
EUVDB-ID: #VU95012
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU92311
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38583
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU94296
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) NULL pointer dereference
EUVDB-ID: #VU90419
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52809
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fc_lport_ptp_setup() function in drivers/scsi/libfc/fc_lport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU94232
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-39495
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gb_interface_release() function in drivers/greybus/interface.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Unchecked Return Value
EUVDB-ID: #VU87902
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26651
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Resource management error
EUVDB-ID: #VU92988
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use of uninitialized resource
EUVDB-ID: #VU95029
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42228
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the amdgpu_vce_ring_parse_cs() function in drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Resource management error
EUVDB-ID: #VU93202
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27437
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory leak
EUVDB-ID: #VU94393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48863
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dsp_pipeline_destroy() and dsp_pipeline_build() functions in drivers/isdn/mISDN/dsp_pipeline.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 14.04
linux-image-4.15.0-1181-azure (Ubuntu package): before Ubuntu Pro
linux-image-azure (Ubuntu package): before Ubuntu Pro (Infra-only)
CPE2.3- cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:
- cpe:2.3:o:canonical:linux-image-4.15.0-1181-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
- cpe:2.3:o:canonical:linux-image-azure_ubuntu_package:*:*:*:*:*:ubuntu:*:
http://ubuntu.com/security/notices/USN-7028-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
