Ubuntu update for linux-azure
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 162 |
| CVE-ID | CVE-2022-36402 CVE-2024-46714 CVE-2024-42288 CVE-2024-42290 CVE-2024-44987 CVE-2024-41090 CVE-2024-42313 CVE-2024-46689 CVE-2024-46737 CVE-2024-44946 CVE-2024-44999 CVE-2024-44935 CVE-2024-38602 CVE-2024-43883 CVE-2024-26607 CVE-2024-41091 CVE-2024-45025 CVE-2024-42305 CVE-2024-26891 CVE-2024-41073 CVE-2024-44969 CVE-2024-26641 CVE-2024-46719 CVE-2024-40929 CVE-2024-46721 CVE-2024-46740 CVE-2024-41012 CVE-2024-42280 CVE-2024-46738 CVE-2024-46722 CVE-2024-42246 CVE-2024-41063 CVE-2024-41072 CVE-2024-41068 CVE-2024-43884 CVE-2024-46758 CVE-2024-43861 CVE-2024-42306 CVE-2024-42285 CVE-2024-41065 CVE-2024-46818 CVE-2024-43894 CVE-2024-44954 CVE-2024-42310 CVE-2024-46829 CVE-2023-52614 CVE-2024-47663 CVE-2024-42281 CVE-2024-42297 CVE-2024-46800 CVE-2024-44960 CVE-2024-44952 CVE-2024-46747 CVE-2024-42286 CVE-2024-41071 CVE-2024-43893 CVE-2023-52531 CVE-2024-43860 CVE-2024-46840 CVE-2024-41011 CVE-2024-43890 CVE-2024-45026 CVE-2024-42292 CVE-2024-27051 CVE-2024-41015 CVE-2024-47668 CVE-2024-46817 CVE-2024-43846 CVE-2024-44988 CVE-2024-44944 CVE-2024-43829 CVE-2024-45021 CVE-2024-43914 CVE-2024-43856 CVE-2024-46673 CVE-2024-46771 CVE-2024-41081 CVE-2024-43830 CVE-2024-43839 CVE-2024-43853 CVE-2024-47669 CVE-2024-42244 CVE-2021-47212 CVE-2024-46844 CVE-2024-44965 CVE-2024-41059 CVE-2024-46783 CVE-2024-42295 CVE-2024-35848 CVE-2024-41017 CVE-2024-47659 CVE-2024-42309 CVE-2024-26800 CVE-2024-41064 CVE-2024-43879 CVE-2024-46679 CVE-2024-43854 CVE-2024-41022 CVE-2024-43858 CVE-2024-46739 CVE-2024-46685 CVE-2024-42289 CVE-2024-44998 CVE-2024-46761 CVE-2024-46677 CVE-2024-42131 CVE-2024-46815 CVE-2024-46777 CVE-2024-43880 CVE-2024-42276 CVE-2024-42265 CVE-2024-46723 CVE-2024-42259 CVE-2024-45028 CVE-2024-42229 CVE-2024-42283 CVE-2024-44948 CVE-2024-44995 CVE-2024-46757 CVE-2024-46822 CVE-2024-45006 CVE-2024-46780 CVE-2024-26668 CVE-2024-42284 CVE-2024-46782 CVE-2024-46781 CVE-2024-43871 CVE-2024-42304 CVE-2024-42311 CVE-2024-45003 CVE-2024-46745 CVE-2024-41098 CVE-2024-46750 CVE-2024-47667 CVE-2024-41020 CVE-2024-26640 CVE-2024-41070 CVE-2024-42301 CVE-2024-43882 CVE-2024-45008 CVE-2024-26885 CVE-2024-42287 CVE-2024-46744 CVE-2024-43908 CVE-2024-46798 CVE-2023-52918 CVE-2024-36484 CVE-2024-43841 CVE-2024-41042 CVE-2024-38611 CVE-2024-43867 CVE-2024-26669 CVE-2024-42271 CVE-2024-46756 CVE-2024-44947 CVE-2024-43835 CVE-2024-46676 CVE-2024-46743 CVE-2024-46759 CVE-2024-46675 CVE-2024-46828 CVE-2024-46755 |
| CWE-ID | CWE-190 CWE-388 CWE-119 CWE-399 CWE-416 CWE-125 CWE-835 CWE-476 CWE-908 CWE-401 CWE-20 CWE-682 CWE-667 CWE-415 CWE-824 CWE-191 CWE-369 CWE-843 CWE-665 CWE-617 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #155 is available. |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system linux-image-azure-lts-20.04 (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1139-azure (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-bluefield (Ubuntu package) Operating systems & Components / Operating system package or component linux-image-5.4.0-1094-bluefield (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 162 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU80799
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36402
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can trigger an integer overflow and crash the kernel.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper error handling
EUVDB-ID: #VU97548
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46714
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the wbscl_set_scaler_filter() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU96177
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42288
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qla2x00_number_of_exch() function in drivers/scsi/qla2xxx/qla_os.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU96181
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42290
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the imx_irqsteer_get_reg_index(), imx_irqsteer_irq_mask() and imx_irqsteer_probe() functions in drivers/irqchip/irq-imx-irqsteer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU96839
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44987
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_send_skb() function in net/ipv6/ip6_output.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU94840
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41090
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU96109
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42313
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vdec_close() function in drivers/media/platform/qcom/venus/vdec.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Infinite loop
EUVDB-ID: #VU97279
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46689
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the cmd_db_dev_probe() function in drivers/soc/qcom/cmd-db.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) NULL pointer dereference
EUVDB-ID: #VU97529
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46737
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_tcp_install_queue() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU96658
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-44946
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kcm_sendmsg(), KCM_STATS_ADD(), sk->sk_write_space() and init_kcm_sock() functions in net/kcm/kcmsock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) Use of uninitialized resource
EUVDB-ID: #VU96870
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44999
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the gtp_dev_xmit() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU96522
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44935
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU92296
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38602
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ax25_addr_ax25dev(), ax25_dev_device_up() and ax25_dev_device_down() functions in net/ax25/ax25_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU96493
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43883
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vhci_urb_enqueue(), vhci_shutdown_connection() and vhci_device_reset() functions in drivers/usb/usbip/vhci_hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) NULL pointer dereference
EUVDB-ID: #VU90640
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sii902x_init() and sii902x_probe() functions in drivers/gpu/drm/bridge/sii902x.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU94841
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41091
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Incorrect calculation
EUVDB-ID: #VU97193
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45025
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the free_fdtable_rcu(), copy_fdtable() and dup_fd() functions in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Resource management error
EUVDB-ID: #VU96182
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42305
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the add_dirent_to_buf() and make_indexed_dir() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU91524
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26891
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devtlb_invalidation_with_pasid() function in drivers/iommu/intel/pasid.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Double free
EUVDB-ID: #VU95011
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41073
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU96885
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44969
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Access of Uninitialized Pointer
EUVDB-ID: #VU89396
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26641
CWE-ID:
CWE-824 - Access of Uninitialized Pointer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU97534
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46719
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/usb/typec/ucsi/ucsi.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU94234
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-40929
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU97532
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46721
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __aafs_profile_mkdir() function in security/apparmor/apparmorfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU97492
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46740
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the binder_transaction() function in drivers/android/binder.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU94672
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use-after-free
EUVDB-ID: #VU96106
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU97491
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46738
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vmci_resource_remove() function in drivers/misc/vmw_vmci/vmci_resource.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU97508
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46722
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_atombios_init_mc_reg_table() function in drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Infinite loop
EUVDB-ID: #VU95515
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42246
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper locking
EUVDB-ID: #VU94992
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41063
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Input validation error
EUVDB-ID: #VU95106
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41072
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Resource management error
EUVDB-ID: #VU95072
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41068
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU96538
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43884
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pair_device() function in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Integer underflow
EUVDB-ID: #VU97553
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46758
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the set_tcrit2(), set_tcrit1(), set_tcrit1_hyst() and set_offset() functions in drivers/hwmon/lm95234.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Memory leak
EUVDB-ID: #VU96290
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43861
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qmimux_rx_fixup() function in drivers/net/usb/qmi_wwan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU96184
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42306
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udf_sb_free_bitmap() function in fs/udf/super.c, within the read_block_bitmap() and __load_block_bitmap() functions in fs/udf/balloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU96107
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42285
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL(), destroy_cm_id() and cm_work_handler() functions in drivers/infiniband/core/iwcm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Memory leak
EUVDB-ID: #VU94926
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41065
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the alloc_dispatch_log_kmem_cache() function in arch/powerpc/platforms/pseries/setup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Input validation error
EUVDB-ID: #VU97842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46818
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the is_pin_busy(), set_pin_busy(), set_pin_free(), dal_gpio_service_lock() and dal_gpio_service_unlock() functions in drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) NULL pointer dereference
EUVDB-ID: #VU96536
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43894
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper locking
EUVDB-ID: #VU96859
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44954
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL pointer dereference
EUVDB-ID: #VU96134
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42310
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cdv_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/cdv_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper locking
EUVDB-ID: #VU97803
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46829
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Buffer overflow
EUVDB-ID: #VU91315
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52614
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Division by zero
EUVDB-ID: #VU98372
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47663
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the ad9834_write_frequency() function in drivers/staging/iio/frequency/ad9834.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Input validation error
EUVDB-ID: #VU96206
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42281
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bpf_skb_net_grow() function in net/core/filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper error handling
EUVDB-ID: #VU96165
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42297
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_mark_inode_dirty_sync() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Use-after-free
EUVDB-ID: #VU97501
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the qdisc_enqueue() function in net/sched/sch_netem.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) NULL pointer dereference
EUVDB-ID: #VU96854
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44960
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usb_ep_enable() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Improper locking
EUVDB-ID: #VU96857
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44952
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_driver_name() and module_remove_driver() functions in drivers/base/module.c, within the dev_uevent() and uevent_show() functions in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds read
EUVDB-ID: #VU97504
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46747
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the cougar_fix_g6_mapping() function in drivers/hid/hid-cougar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) NULL pointer dereference
EUVDB-ID: #VU96141
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42286
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla_nvme_register_remote() function in drivers/scsi/qla2xxx/qla_nvme.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU94956
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41071
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improper locking
EUVDB-ID: #VU96540
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43893
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uart_set_info() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Buffer overflow
EUVDB-ID: #VU91210
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52531
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) NULL pointer dereference
EUVDB-ID: #VU96118
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43860
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the imx_rproc_addr_init() function in drivers/remoteproc/imx_rproc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Improper locking
EUVDB-ID: #VU97808
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46840
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reada_walk_down(), walk_down_proc(), do_walk_down() and walk_up_proc() functions in fs/btrfs/extent-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Input validation error
EUVDB-ID: #VU94530
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41011
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the kfd_ioctl_alloc_memory_of_gpu(), criu_restore_memory_of_gpu() and kfd_mmio_mmap() functions in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Buffer overflow
EUVDB-ID: #VU96544
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43890
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the get_free_elt(), tracing_map_clear() and tracing_map_create() functions in kernel/trace/tracing_map.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Buffer overflow
EUVDB-ID: #VU97188
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45026
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dasd_eckd_analysis_ccw(), dasd_eckd_build_check_tcw(), dasd_eckd_build_cp_cmd_single(), dasd_eckd_build_cp_tpm_track() and dasd_eckd_dump_sense() functions in drivers/s390/block/dasd_eckd.c, within the dasd_3990_erp_file_prot() function in drivers/s390/block/dasd_3990_erp.c, within the dasd_ese_needs_format(), dasd_int_handler() and list_for_each_entry_safe() functions in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Out-of-bounds read
EUVDB-ID: #VU96114
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42292
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) NULL pointer dereference
EUVDB-ID: #VU91501
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27051
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcm_avs_is_firmware_loaded() function in drivers/cpufreq/brcmstb-avs-cpufreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Input validation error
EUVDB-ID: #VU94842
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Buffer overflow
EUVDB-ID: #VU98376
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47668
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Resource management error
EUVDB-ID: #VU97830
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46817
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_dm_initialize_drm_device() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Resource management error
EUVDB-ID: #VU96186
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43846
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the objagg_obj_parent_assign() function in lib/objagg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Out-of-bounds read
EUVDB-ID: #VU96845
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44988
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Type Confusion
EUVDB-ID: #VU96639
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44944
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) NULL pointer dereference
EUVDB-ID: #VU96124
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43829
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qxl_add_mode() function in drivers/gpu/drm/qxl/qxl_display.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Improper Initialization
EUVDB-ID: #VU97184
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45021
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Input validation error
EUVDB-ID: #VU96542
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43914
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Buffer overflow
EUVDB-ID: #VU96191
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43856
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dmam_free_coherent() function in kernel/dma/mapping.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Use-after-free
EUVDB-ID: #VU97251
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46673
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aac_init_adapter() function in drivers/scsi/aacraid/comminit.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Memory leak
EUVDB-ID: #VU97485
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46771
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bcm_notify() function in net/can/bcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Resource management error
EUVDB-ID: #VU95051
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41081
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Double free
EUVDB-ID: #VU96162
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43830
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the led_trigger_set() function in drivers/leds/led-triggers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Input validation error
EUVDB-ID: #VU96197
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43839
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bnad_tx_msix_register() and bnad_rx_msix_register() functions in drivers/net/ethernet/brocade/bna/bnad.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Use-after-free
EUVDB-ID: #VU96104
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43853
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the proc_cpuset_show() function in kernel/cgroup/cpuset.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Improper locking
EUVDB-ID: #VU98367
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47669
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nilfs_segctor_abort_construction() and nilfs_segctor_do_construct() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Input validation error
EUVDB-ID: #VU95510
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42244
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Error Handling
EUVDB-ID: #VU89241
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47212
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect error handling within the mlx5_internal_err_ret_value() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Incorrect calculation
EUVDB-ID: #VU97833
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46844
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Buffer overflow
EUVDB-ID: #VU96878
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44965
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the pti_clone_pgtable() function in arch/x86/mm/pti.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use of uninitialized resource
EUVDB-ID: #VU95033
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41059
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Improper error handling
EUVDB-ID: #VU97546
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46783
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Improper error handling
EUVDB-ID: #VU96166
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42295
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_btree_get_new_block() function in fs/nilfs2/btree.c, within the nilfs_btnode_create_block() function in fs/nilfs2/btnode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Buffer overflow
EUVDB-ID: #VU91199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35848
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Input validation error
EUVDB-ID: #VU94843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41017
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Input validation error
EUVDB-ID: #VU98382
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47659
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rcu_read_unlock() function in security/smack/smack_lsm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) NULL pointer dereference
EUVDB-ID: #VU96135
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42309
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psb_intel_lvds_get_modes() function in drivers/gpu/drm/gma500/psb_intel_lvds.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Use-after-free
EUVDB-ID: #VU90210
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the struct_group(), tls_do_decryption() and tls_decrypt_sg() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Improper locking
EUVDB-ID: #VU94991
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41064
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Resource management error
EUVDB-ID: #VU96304
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43879
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Input validation error
EUVDB-ID: #VU97269
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46679
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Memory leak
EUVDB-ID: #VU96099
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43854
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Improper error handling
EUVDB-ID: #VU95022
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41022
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Out-of-bounds read
EUVDB-ID: #VU96113
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43858
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) NULL pointer dereference
EUVDB-ID: #VU97528
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46739
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hv_uio_channel_cb() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) NULL pointer dereference
EUVDB-ID: #VU97259
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46685
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcs_get_function() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) NULL pointer dereference
EUVDB-ID: #VU96139
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42289
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla24xx_disable_vp() function in drivers/scsi/qla2xxx/qla_mid.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Use-after-free
EUVDB-ID: #VU96842
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_rx() function in drivers/atm/idt77252.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) NULL pointer dereference
EUVDB-ID: #VU97513
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46761
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pnv_php_disable_irq() function in drivers/pci/hotplug/pnv_php.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) NULL pointer dereference
EUVDB-ID: #VU97257
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46677
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gtp_encap_enable_socket() function in drivers/net/gtp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Integer overflow
EUVDB-ID: #VU95035
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42131
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Input validation error
EUVDB-ID: #VU97843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46815
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the build_watermark_ranges() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Integer overflow
EUVDB-ID: #VU97550
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46777
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the udf_fill_partdesc_info() function in fs/udf/super.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Resource management error
EUVDB-ID: #VU96305
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43880
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Input validation error
EUVDB-ID: #VU96205
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42276
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nvme_prep_rq() function in drivers/nvme/host/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Input validation error
EUVDB-ID: #VU96203
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __releases() function in fs/file.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Out-of-bounds read
EUVDB-ID: #VU97509
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_cgs_get_firmware_info() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Buffer overflow
EUVDB-ID: #VU96008
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42259
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the i915_error_to_vmf_fault() and vm_fault_gtt() functions in drivers/gpu/drm/i915/gem/i915_gem_mman.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) NULL pointer dereference
EUVDB-ID: #VU97173
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45028
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtf_test_write() function in drivers/mmc/core/mmc_test.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Buffer overflow
EUVDB-ID: #VU95078
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42229
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the setkey_unaligned() function in crypto/cipher.c, within the setkey_unaligned() function in crypto/aead.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Memory leak
EUVDB-ID: #VU96195
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42283
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nla_put_nh_group() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Input validation error
EUVDB-ID: #VU96889
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Improper locking
EUVDB-ID: #VU96855
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-44995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hns3_reset_notify_uninit_enet() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Integer underflow
EUVDB-ID: #VU97552
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46757
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_temp_offset() function in drivers/hwmon/nct6775.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) NULL pointer dereference
EUVDB-ID: #VU97798
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46822
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the arch/arm64/include/asm/acpi.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) NULL pointer dereference
EUVDB-ID: #VU96852
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45006
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_configure_endpoint() and xhci_setup_device() functions in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Buffer overflow
EUVDB-ID: #VU97564
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46780
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Integer overflow
EUVDB-ID: #VU91180
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26668
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Buffer overflow
EUVDB-ID: #VU96176
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42284
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Use-after-free
EUVDB-ID: #VU97496
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46782
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ila_xlat_init_net() and ila_xlat_exit_net() functions in net/ipv6/ila/ila_xlat.c, within the ila_pre_exit_net() and ila_exit_net() functions in net/ipv6/ila/ila_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Use-after-free
EUVDB-ID: #VU97495
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46781
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_finish_roll_forward() and nilfs_salvage_orphan_logs() functions in fs/nilfs2/recovery.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Memory leak
EUVDB-ID: #VU96287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43871
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Improper error handling
EUVDB-ID: #VU96164
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42304
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __ext4_read_dirblock(), ext4_empty_dir() and ext4_get_first_dir_block() functions in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Use of uninitialized resource
EUVDB-ID: #VU96172
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42311
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hfs_new_inode() and hfs_inode_read_fork() functions in fs/hfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Use-after-free
EUVDB-ID: #VU96843
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45003
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inode_lru_list_del(), evict() and inode_lru_isolate() functions in fs/inode.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Use-after-free
EUVDB-ID: #VU97493
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46745
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uinput_validate_absinfo() function in drivers/input/misc/uinput.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) NULL pointer dereference
EUVDB-ID: #VU94970
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41098
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Improper locking
EUVDB-ID: #VU97539
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46750
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pci_bus_lock(), pci_bus_unlock(), pci_bus_trylock(), list_for_each_entry_continue_reverse(), pci_slot_lock() and pci_slot_trylock() functions in drivers/pci/pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Input validation error
EUVDB-ID: #VU98380
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-47667
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the RTL GENMASK(), to_keystone_pcie(), ks_pcie_start_link() and ks_pcie_quirk() functions in drivers/pci/controller/dwc/pci-keystone.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Improper locking
EUVDB-ID: #VU94996
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41020
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Resource management error
EUVDB-ID: #VU89397
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26640
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Use-after-free
EUVDB-ID: #VU94942
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41070
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Out-of-bounds read
EUVDB-ID: #VU96116
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42301
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Improper locking
EUVDB-ID: #VU96295
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43882
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the bprm_fill_uid() function in fs/exec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Buffer overflow
EUVDB-ID: #VU96883
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45008
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the input_mt_init_slots() function in drivers/input/input-mt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Buffer overflow
EUVDB-ID: #VU89840
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26885
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the dev_map_init_map() function in kernel/bpf/devmap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) NULL pointer dereference
EUVDB-ID: #VU96140
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42287
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Input validation error
EUVDB-ID: #VU97540
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46744
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) NULL pointer dereference
EUVDB-ID: #VU96525
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43908
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_interrupt_process_handler() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Use-after-free
EUVDB-ID: #VU97500
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_soc_dai_link_event() function in sound/soc/soc-dapm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) NULL pointer dereference
EUVDB-ID: #VU99254
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52918
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cx23885_video_register() function in drivers/media/pci/cx23885/cx23885-video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Reachable assertion
EUVDB-ID: #VU93039
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36484
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the __inet_accept() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Resource management error
EUVDB-ID: #VU96187
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43841
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the virt_wifi_inform_bss(), virt_wifi_connect() and virt_wifi_connect_complete() functions in drivers/net/wireless/virt_wifi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Input validation error
EUVDB-ID: #VU95003
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-41042
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Memory leak
EUVDB-ID: #VU92298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-38611
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the et8ek8_remove() and __exit_p() functions in drivers/media/i2c/et8ek8/et8ek8_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Integer underflow
EUVDB-ID: #VU96301
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43867
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nouveau_gem_prime_import_sg_table() function in drivers/gpu/drm/nouveau/nouveau_prime.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Memory leak
EUVDB-ID: #VU90010
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26669
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Use-after-free
EUVDB-ID: #VU96105
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42271
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Integer underflow
EUVDB-ID: #VU97551
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46756
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the store_target_temp() and store_tolerance() functions in drivers/hwmon/w83627ehf.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Memory leak
EUVDB-ID: #VU96711
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-44947
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fuse_notify_store() function in fs/fuse/dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
156) Improper locking
EUVDB-ID: #VU96148
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-43835
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the virtnet_receive(), virtnet_poll_cleantx(), virtnet_poll() and virtnet_poll_tx() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Division by zero
EUVDB-ID: #VU97276
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46676
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the pn533_start_poll() function in drivers/nfc/pn533/pn533.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Out-of-bounds read
EUVDB-ID: #VU97503
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the of_irq_parse_one() function in drivers/of/irq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Integer underflow
EUVDB-ID: #VU97554
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46759
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the adc128_set_in() and adc128_set_temp() functions in drivers/hwmon/adc128d818.c. A local user can execute arbitrary code.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Buffer overflow
EUVDB-ID: #VU97287
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46675
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the dwc3_event_buffers_setup() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Out-of-bounds read
EUVDB-ID: #VU97786
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46828
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) NULL pointer dereference
EUVDB-ID: #VU97525
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-46755
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/wireless/marvell/mwifiex/main.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package linux-azure to the latest version.
Vulnerable software versionsUbuntu: 20.04
linux-image-azure-lts-20.04 (Ubuntu package): before 5.4.0.1139.133
linux-image-5.4.0-1139-azure (Ubuntu package): before 5.4.0-1139.146
linux-image-bluefield (Ubuntu package): before 5.4.0.1094.90
linux-image-5.4.0-1094-bluefield (Ubuntu package): before 5.4.0-1094.101
CPE2.3 External linkshttp://ubuntu.com/security/notices/USN-7088-2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
