Ubuntu update for linux-oem-6.8



| Updated: 2024-12-04
Risk Low
Patch available YES
Number of vulnerabilities 196
CVE-ID CVE-2024-25741
CVE-2024-41064
CVE-2024-41087
CVE-2023-52888
CVE-2024-42098
CVE-2024-42111
CVE-2024-42076
CVE-2024-42088
CVE-2024-42135
CVE-2024-42145
CVE-2024-42142
CVE-2024-41036
CVE-2024-41071
CVE-2024-41012
CVE-2024-42091
CVE-2024-42253
CVE-2024-42119
CVE-2024-42097
CVE-2024-42243
CVE-2024-39487
CVE-2024-42235
CVE-2024-42120
CVE-2024-42149
CVE-2024-41015
CVE-2024-41074
CVE-2024-42067
CVE-2024-42090
CVE-2024-42128
CVE-2024-41038
CVE-2024-42113
CVE-2024-42102
CVE-2024-42231
CVE-2024-42080
CVE-2024-42241
CVE-2024-42106
CVE-2024-42130
CVE-2024-42073
CVE-2024-42153
CVE-2024-42156
CVE-2024-42118
CVE-2024-41007
CVE-2024-41049
CVE-2024-39486
CVE-2024-42240
CVE-2024-41018
CVE-2024-42251
CVE-2024-42280
CVE-2024-42096
CVE-2024-42121
CVE-2024-42246
CVE-2024-42092
CVE-2024-41090
CVE-2024-42157
CVE-2024-43858
CVE-2024-42150
CVE-2024-42110
CVE-2024-41010
CVE-2024-41081
CVE-2024-41061
CVE-2024-41078
CVE-2024-41094
CVE-2024-41039
CVE-2024-42114
CVE-2024-42109
CVE-2024-41030
CVE-2024-42066
CVE-2024-41035
CVE-2024-42146
CVE-2024-42131
CVE-2024-41059
CVE-2024-41067
CVE-2024-42138
CVE-2024-41050
CVE-2024-41034
CVE-2024-41077
CVE-2024-41076
CVE-2024-41088
CVE-2024-41096
CVE-2024-41073
CVE-2024-41037
CVE-2024-42232
CVE-2024-41063
CVE-2024-42117
CVE-2024-42155
CVE-2024-41080
CVE-2024-42132
CVE-2024-42084
CVE-2024-42136
CVE-2024-42223
CVE-2024-41068
CVE-2024-42225
CVE-2024-42065
CVE-2024-41051
CVE-2024-43855
CVE-2024-42238
CVE-2024-42250
CVE-2024-42112
CVE-2024-41070
CVE-2023-52887
CVE-2024-42094
CVE-2024-42095
CVE-2024-41086
CVE-2024-41020
CVE-2024-41082
CVE-2024-42115
CVE-2024-42152
CVE-2024-42239
CVE-2024-42093
CVE-2024-42126
CVE-2024-41022
CVE-2024-41017
CVE-2024-41092
CVE-2024-41044
CVE-2024-42140
CVE-2024-41029
CVE-2024-41054
CVE-2024-42158
CVE-2024-41066
CVE-2024-42244
CVE-2024-42070
CVE-2024-41025
CVE-2024-42229
CVE-2024-42085
CVE-2024-41084
CVE-2024-41060
CVE-2024-41062
CVE-2024-42105
CVE-2024-42124
CVE-2024-41045
CVE-2024-42227
CVE-2024-41047
CVE-2024-41042
CVE-2024-42100
CVE-2024-42247
CVE-2024-41041
CVE-2024-42087
CVE-2024-42252
CVE-2024-41058
CVE-2024-42063
CVE-2024-42271
CVE-2024-41027
CVE-2024-42079
CVE-2024-42104
CVE-2024-41098
CVE-2024-41033
CVE-2024-41072
CVE-2024-41031
CVE-2024-42089
CVE-2024-41032
CVE-2024-42127
CVE-2024-41093
CVE-2024-42082
CVE-2024-41023
CVE-2024-41075
CVE-2024-42151
CVE-2024-42141
CVE-2024-42108
CVE-2024-42068
CVE-2024-41085
CVE-2024-42103
CVE-2024-41057
CVE-2024-42064
CVE-2024-42161
CVE-2024-41052
CVE-2024-41053
CVE-2024-42069
CVE-2024-41021
CVE-2024-42147
CVE-2024-41065
CVE-2024-41091
CVE-2024-41079
CVE-2024-42086
CVE-2024-42234
CVE-2024-41055
CVE-2024-41083
CVE-2024-42101
CVE-2024-42230
CVE-2024-41095
CVE-2024-41019
CVE-2024-42245
CVE-2024-42129
CVE-2024-42144
CVE-2024-42236
CVE-2024-41028
CVE-2024-42077
CVE-2024-42248
CVE-2024-41046
CVE-2024-42133
CVE-2024-42074
CVE-2024-41089
CVE-2024-42237
CVE-2024-41056
CVE-2024-41048
CVE-2024-42137
CVE-2024-41069
CVE-2024-41097
CWE-ID CWE-399
CWE-667
CWE-415
CWE-20
CWE-125
CWE-908
CWE-119
CWE-416
CWE-388
CWE-476
CWE-682
CWE-190
CWE-617
CWE-835
CWE-401
CWE-96
CWE-269
CWE-843
CWE-665
Exploitation vector Local
Public exploit N/A
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

linux-image-oem-24.04a (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-oem-24.04 (Ubuntu package)
Operating systems & Components / Operating system package or component

linux-image-6.8.0-1016-oem (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 196 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU94364

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25741

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the printer_write() in drivers/usb/gadget/function/f_printer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper locking

EUVDB-ID: #VU94991

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41064

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Double free

EUVDB-ID: #VU95008

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41087

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU95057

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52888

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the h264_enc_free_work_buf() function in drivers/media/platform/mediatek/vcodec/encoder/venc/venc_h264_if.c, within the vdec_av1_slice_free_working_buffer() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_av1_req_lat_if.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU95100

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42098

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ecdh_set_secret() function in crypto/ecdh.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU94950

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42111

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the btrfs_qgroup_check_inherit() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use of uninitialized resource

EUVDB-ID: #VU95031

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42076

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the MODULE_ALIAS() and j1939_send_one() functions in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU94953

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42088

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the SND_SOC_DAILINK_DEFS() function in sound/soc/mediatek/mt8195/mt8195-mt6359.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU95095

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42135

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vhost_task_fn(), EXPORT_SYMBOL_GPL() and vhost_task_create() functions in kernel/vhost_task.c, within the __vhost_worker_flush(), vhost_vq_reset(), vhost_worker(), vhost_worker_create(), __vhost_vq_attach_worker() and vhost_free_worker() functions in drivers/vhost/vhost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU95054

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42145

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the MODULE_AUTHOR(), __get_agent(), send_handler(), recv_handler() and ib_umad_read() functions in drivers/infiniband/core/user_mad.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU95083

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42142

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the acl_ingress_ofld_setup(), esw_acl_ingress_src_port_drop_create(), esw_acl_ingress_ofld_groups_destroy() and esw_acl_ingress_ofld_setup() functions in drivers/net/ethernet/mellanox/mlx5/core/esw/acl/ingress_ofld.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper locking

EUVDB-ID: #VU94995

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41036

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ks8851_tx_work() function in drivers/net/ethernet/micrel/ks8851_spi.c, within the ks8851_irq() and ks8851_set_rx_mode() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU94956

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41071

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU94672

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41012

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU95102

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42091

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xe_pat_dump() function in drivers/gpu/drm/xe/xe_pat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource management error

EUVDB-ID: #VU95562

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42253

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pca953x_irq_bus_sync_unlock() function in drivers/gpio/gpio-pca953x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper error handling

EUVDB-ID: #VU95015

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42119

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the find_first_free_audio() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU95001

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42097

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the load_data() and load_guspatch() functions in sound/synth/emux/soundfont.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper error handling

EUVDB-ID: #VU95511

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42243

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the include/linux/pagemap.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU93889

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39487

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU95505

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42235

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the crst_table_alloc() and base_crst_alloc() functions in arch/s390/mm/pgalloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU95099

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42120

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper error handling

EUVDB-ID: #VU95013

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42149

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the fs_bdev_thaw() function in fs/super.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU94842

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41015

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ocfs2_check_dir_entry(), ocfs2_search_dirblock(), __ocfs2_delete_entry(), __ocfs2_add_entry(), ocfs2_dir_foreach_blk_id(), ocfs2_dir_foreach_blk_el(), ocfs2_find_dir_space_id() and ocfs2_find_dir_space_el() functions in fs/ocfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper locking

EUVDB-ID: #VU95087

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41074

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cachefiles_ondemand_copen() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Incorrect calculation

EUVDB-ID: #VU95077

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42067

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the bpf_flush_icache() function in arch/sparc/net/bpf_jit_comp_64.c, within the print_fn_code() function in arch/s390/net/bpf_jit_comp.c, within the bpf_flush_icache() function in arch/parisc/net/bpf_jit_core.c, within the bpf_int_jit_compile() function in arch/mips/net/bpf_jit_comp.c, within the flush_icache_range() and bpf_jit_binary_free() functions in arch/loongarch/net/bpf_jit.c, within the bpf_int_jit_compile() and bpf_jit_prog_release_other() functions in arch/arm/net/bpf_jit_32.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper locking

EUVDB-ID: #VU94988

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42090

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource management error

EUVDB-ID: #VU95058

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42128

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the an30259a_probe() function in drivers/leds/leds-an30259a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer overflow

EUVDB-ID: #VU95048

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41038

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the cs_dsp_coeff_parse_string(), cs_dsp_coeff_parse_int(), cs_dsp_coeff_parse_coeff() and cs_dsp_parse_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use of uninitialized resource

EUVDB-ID: #VU95025

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42113

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the wx_set_interrupt_capability() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Integer overflow

EUVDB-ID: #VU95034

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42102

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Resource management error

EUVDB-ID: #VU95061

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42231

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the calc_available_free_space() function in fs/btrfs/space-info.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Input validation error

EUVDB-ID: #VU95103

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42080

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the rdma_restrack_init() and type2str() functions in drivers/infiniband/core/restrack.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU95517

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42241

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the shmem_confirm_swap() and shmem_is_huge() functions in mm/shmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use of uninitialized resource

EUVDB-ID: #VU95024

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42106

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Incorrect calculation

EUVDB-ID: #VU95075

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42130

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the virtual_ncidev_write() function in drivers/nfc/virtual_ncidev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU94940

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42073

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlxsw_sp_sb_sr_occ_query_cb(), mlxsw_reg_sbsr_pack() and mlxsw_sp_sb_occ_max_clear() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_buffers.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper locking

EUVDB-ID: #VU94983

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42153

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the wait_reset(), i2c_pnx_master_xmit(), i2c_pnx_master_rcv(), i2c_pnx_interrupt(), i2c_pnx_timeout(), i2c_pnx_xfer() and i2c_pnx_probe() functions in drivers/i2c/busses/i2c-pnx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Input validation error

EUVDB-ID: #VU95091

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42156

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Reachable assertion

EUVDB-ID: #VU95006

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42118

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the resource_stream_to_stream_idx() function in drivers/gpu/drm/amd/display/dc/core/dc_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Resource management error

EUVDB-ID: #VU94345

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41007

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_rtx_probe0_timed_out() function in net/ipv4/tcp_timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU94947

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41049

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the posix_lock_inode() function in fs/locks.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU93834

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39486

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_file_update_pid() function in drivers/gpu/drm/drm_file.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Buffer overflow

EUVDB-ID: #VU95516

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42240

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYM_INNER_LABEL() function in arch/x86/entry/entry_64_compat.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

EUVDB-ID: #VU94838

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41018

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the log_replay() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU95560

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42251

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the page_folio() function in mm/gup.c, within the filemap_get_folios_contig(), filemap_get_read_batch() and next_uptodate_folio() functions in mm/filemap.c, within the cifs_extend_writeback() function in fs/smb/client/file.c, within the afs_extend_writeback() function in fs/afs/write.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU96106

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfcmulti_dtmf() and HFC_wait_nodebug() functions in drivers/isdn/hardware/mISDN/hfcmulti.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper locking

EUVDB-ID: #VU94987

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42096

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Input validation error

EUVDB-ID: #VU95098

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42121

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the read() and write() functions in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Infinite loop

EUVDB-ID: #VU95515

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42246

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Input validation error

EUVDB-ID: #VU95000

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42092

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the davinci_gpio_probe() function in drivers/gpio/gpio-davinci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Out-of-bounds read

EUVDB-ID: #VU94840

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41090

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU95090

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42157

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Out-of-bounds read

EUVDB-ID: #VU96113

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43858

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the diSync() and diRead() functions in fs/jfs/jfs_imap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Resource management error

EUVDB-ID: #VU95049

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42150

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the txgbe_open() function in drivers/net/ethernet/wangxun/txgbe/txgbe_main.c, within the txgbe_irq_enable(), txgbe_request_irq() and txgbe_setup_misc_irq() functions in drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c, within the wx_free_irq() function in drivers/net/ethernet/wangxun/libwx/wx_lib.c, within the wx_sw_init() function in drivers/net/ethernet/wangxun/libwx/wx_hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Resource management error

EUVDB-ID: #VU95050

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42110

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ntb_netdev_rx_handler() function in drivers/net/ntb_netdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU94507

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41010

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ingress_init(), ingress_destroy(), clsact_init() and clsact_destroy() functions in net/sched/sch_ingress.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Resource management error

EUVDB-ID: #VU95051

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41081

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ila_output() function in net/ipv6/ila/ila_lwt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU94955

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41061

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dml2_calculate_rq_and_dlg_params() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Memory leak

EUVDB-ID: #VU94929

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41078

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the btrfs_quota_disable() function in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Buffer overflow

EUVDB-ID: #VU95056

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41094

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the drm_fbdev_dma_helper_fb_probe() function in drivers/gpu/drm/drm_fbdev_dma.c, within the drm_fb_helper_alloc_info() and __drm_fb_helper_initial_config_and_unlock() functions in drivers/gpu/drm/drm_fb_helper.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Buffer overflow

EUVDB-ID: #VU95042

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41039

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the cs_dsp_adsp1_parse_sizes(), cs_dsp_adsp2_parse_sizes(), cs_dsp_load() and cs_dsp_buf_free() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper locking

EUVDB-ID: #VU94986

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42114

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the NLA_POLICY_FULL_RANGE() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Use-after-free

EUVDB-ID: #VU94934

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42109

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nft_rcv_nl_event() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper error handling

EUVDB-ID: #VU95021

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41030

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the smb2_create_open_flags() and smb2_open() functions in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Integer overflow

EUVDB-ID: #VU95038

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42066

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the xe_ttm_vram_mgr_new() function in drivers/gpu/drm/xe/xe_ttm_vram_mgr.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Input validation error

EUVDB-ID: #VU95109

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41035

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the usb_parse_endpoint() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Resource management error

EUVDB-ID: #VU95065

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42146

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the p2p_enabled() and dma_buf_run_device() functions in drivers/gpu/drm/xe/tests/xe_dma_buf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Integer overflow

EUVDB-ID: #VU95035

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42131

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use of uninitialized resource

EUVDB-ID: #VU95033

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41059

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hfsplus_listxattr() function in fs/hfsplus/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Reachable assertion

EUVDB-ID: #VU95007

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41067

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the scrub_submit_extent_sector_read() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) NULL pointer dereference

EUVDB-ID: #VU94959

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42138

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the vfree() function in drivers/net/ethernet/mellanox/mlxsw/core_linecards.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Improper locking

EUVDB-ID: #VU94993

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41050

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cachefiles_ondemand_send_req() function in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Improper error handling

EUVDB-ID: #VU95020

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41034

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_dotdot() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) NULL pointer dereference

EUVDB-ID: #VU94976

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41077

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the null_validate_conf() function in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Memory leak

EUVDB-ID: #VU94928

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41076

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nfs4_set_security_label() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Improper locking

EUVDB-ID: #VU94989

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41088

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mcp251xfd_tx_obj_from_skb(), mcp251xfd_tx_busy() and mcp251xfd_start_xmit() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c, within the mcp251xfd_open() and mcp251xfd_stop() functions in drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Use-after-free

EUVDB-ID: #VU94941

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41096

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the msi_capability_init() function in drivers/pci/msi/msi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Double free

EUVDB-ID: #VU95011

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41073

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the nvme_cleanup_cmd() function in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) NULL pointer dereference

EUVDB-ID: #VU94975

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41037

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hda_dai_suspend() function in sound/soc/sof/intel/hda-dai.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Use-after-free

EUVDB-ID: #VU95503

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42232

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the delayed_work() and EXPORT_SYMBOL() functions in net/ceph/mon_client.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper locking

EUVDB-ID: #VU94992

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41063

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Reachable assertion

EUVDB-ID: #VU95005

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42117

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the find_disp_cfg_idx_by_plane_id() and find_disp_cfg_idx_by_stream_id() functions in drivers/gpu/drm/amd/display/dc/dml2/dml2_dc_resource_mgmt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Input validation error

EUVDB-ID: #VU95092

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42155

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper locking

EUVDB-ID: #VU94990

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41080

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the io_register_iowq_max_workers() function in io_uring/register.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Resource management error

EUVDB-ID: #VU95060

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42132

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the hci_conn_hash_alloc_unset() and hci_conn_add_unset() functions in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Improper neutralization of directives in statically saved code (\'static code injection\')

EUVDB-ID: #VU95052

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42084

CWE-ID: CWE-96 - Improper Neutralization of Directives in Statically Saved Code (\'Static Code Injection\')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Integer overflow

EUVDB-ID: #VU95036

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42136

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the cdrom_ioctl_timed_media_change() function in drivers/cdrom/cdrom.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Integer overflow

EUVDB-ID: #VU95037

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42223

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Resource management error

EUVDB-ID: #VU95072

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41068

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sclp_init() function in drivers/s390/char/sclp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Use of uninitialized resource

EUVDB-ID: #VU95028

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42225

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mt7915_mcu_add_nested_subtlv() function in drivers/net/wireless/mediatek/mt76/mt7915/mcu.c, within the mt76_connac_mcu_add_nested_tlv(), mt76_connac_mcu_hw_scan(), mt76_connac_mcu_sched_scan_req(), mt76_connac_mcu_update_gtk_rekey() and mt76_connac_mcu_set_wow_pattern() functions in drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Input validation error

EUVDB-ID: #VU95104

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42065

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the xe_ttm_stolen_mgr_init() function in drivers/gpu/drm/xe/xe_ttm_stolen_mgr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Use-after-free

EUVDB-ID: #VU94946

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41051

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_ondemand_clean_object() function in fs/cachefiles/ondemand.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Improper locking

EUVDB-ID: #VU96147

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43855

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the md_end_flush(), submit_flushes() and md_submit_flush_data() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Infinite loop

EUVDB-ID: #VU95514

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42238

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the cs_dsp_load() and cs_dsp_load_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improper locking

EUVDB-ID: #VU95509

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42250

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cachefiles_daemon_poll() function in fs/cachefiles/daemon.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Use-after-free

EUVDB-ID: #VU94933

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42112

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the txgbe_open() and txgbe_remove() functions in drivers/net/ethernet/wangxun/txgbe/txgbe_main.c, within the wx_free_irq() and ngbe_close() functions in drivers/net/ethernet/wangxun/ngbe/ngbe_main.c, within the wx_setup_isb_resources() and wx_free_all_tx_resources() functions in drivers/net/ethernet/wangxun/libwx/wx_lib.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Use-after-free

EUVDB-ID: #VU94942

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41070

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kvm_spapr_tce_attach_iommu_group() function in arch/powerpc/kvm/book3s_64_vio.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Improper error handling

EUVDB-ID: #VU95018

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52887

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the j1939_xtp_rx_rts_session_new() function in net/can/j1939/transport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Buffer overflow

EUVDB-ID: #VU95040

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42094

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the iucv_setmask_mp() and iucv_cpu_online() functions in net/iucv/iucv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Input validation error

EUVDB-ID: #VU95101

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42095

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_write() and omap8250_irq() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Input validation error

EUVDB-ID: #VU95002

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41086

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the downgrade_entry_next_c() and bch2_sb_downgrade_validate() functions in fs/bcachefs/sb-downgrade.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Improper locking

EUVDB-ID: #VU94996

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41020

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Resource management error

EUVDB-ID: #VU95073

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41082

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nvmf_reg_read32(), nvmf_reg_read64() and nvmf_reg_write32() functions in drivers/nvme/host/fabrics.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Use-after-free

EUVDB-ID: #VU94932

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42115

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the jffs2_i_init_once() function in fs/jffs2/super.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Memory leak

EUVDB-ID: #VU94922

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42152

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nvmet_sq_destroy() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Improper locking

EUVDB-ID: #VU95507

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42239

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __bpf_async_init(), drop_prog_refcnt(), BPF_CALL_1() and hrtimer_cancel() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Buffer overflow

EUVDB-ID: #VU95039

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42093

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the dpaa2_eth_xdp_xmit() and update_xps() functions in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Input validation error

EUVDB-ID: #VU94997

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42126

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pcpu_cpu_to_node() and setup_per_cpu_areas() functions in arch/powerpc/kernel/setup_64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Improper error handling

EUVDB-ID: #VU95022

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41022

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Input validation error

EUVDB-ID: #VU94843

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41017

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Use-after-free

EUVDB-ID: #VU94938

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41092

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_vma_revoke_fence() function in drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Input validation error

EUVDB-ID: #VU95108

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41044

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Improper locking

EUVDB-ID: #VU94985

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42140

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the machine_kexec_mask_interrupts() function in arch/riscv/kernel/machine_kexec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Improper privilege management

EUVDB-ID: #VU95085

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41029

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the nvmem_populate_sysfs_cells() function in drivers/nvmem/core.c. A local user can read and manipulate data.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) NULL pointer dereference

EUVDB-ID: #VU94980

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41054

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() and ufshcd_mcq_sq_cleanup() functions in drivers/ufs/core/ufs-mcq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Resource management error

EUVDB-ID: #VU95064

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42158

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Memory leak

EUVDB-ID: #VU94927

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41066

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Input validation error

EUVDB-ID: #VU95510

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42244

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Type Confusion

EUVDB-ID: #VU94923

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42070

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c, within the nf_tables_fill_setelem() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filtering to trigger a type confusion error and gain access to sensitive information.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Memory leak

EUVDB-ID: #VU94925

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41025

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fastrpc_init_create_static_process() function in drivers/misc/fastrpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Buffer overflow

EUVDB-ID: #VU95078

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42229

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the setkey_unaligned() function in crypto/cipher.c, within the setkey_unaligned() function in crypto/aead.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) NULL pointer dereference

EUVDB-ID: #VU94965

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42085

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_suspend_common() and dwc3_resume_common() functions in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) NULL pointer dereference

EUVDB-ID: #VU94973

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41084

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __cxl_dpa_to_region() function in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) NULL pointer dereference

EUVDB-ID: #VU94978

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41060

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the radeon_gem_va_update_vm() function in drivers/gpu/drm/radeon/radeon_gem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) NULL pointer dereference

EUVDB-ID: #VU94977

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41062

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the l2cap_sock_kill(), l2cap_sock_new_connection_cb() and l2cap_sock_recv_cb() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Use-after-free

EUVDB-ID: #VU94936

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42105

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_store_disk_layout() function in fs/nilfs2/the_nilfs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Input validation error

EUVDB-ID: #VU95097

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42124

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the qedf_execute_tmf() function in drivers/scsi/qedf/qedf_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Use-after-free

EUVDB-ID: #VU94948

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41045

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bpf_timer_delete_work(), __bpf_async_init() and __bpf_spin_unlock_irqrestore() functions in kernel/bpf/helpers.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Input validation error

EUVDB-ID: #VU95088

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42227

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dml_core_mode_programming() function in drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Improper locking

EUVDB-ID: #VU94994

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41047

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the i40e_xdp_setup() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Input validation error

EUVDB-ID: #VU95003

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41042

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Infinite loop

EUVDB-ID: #VU95044

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42100

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the sunxi_ccu_probe() function in drivers/clk/sunxi-ng/ccu_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Resource management error

EUVDB-ID: #VU95518

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42247

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the swap_endian() function in drivers/net/wireguard/allowedips.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Resource management error

EUVDB-ID: #VU95069

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41041

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sock_set_flag() and spin_unlock() functions in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Resource management error

EUVDB-ID: #VU95066

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42087

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ili9881c_prepare() and ili9881c_unprepare() functions in drivers/gpu/drm/panel/panel-ilitek-ili9881c.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Improper locking

EUVDB-ID: #VU95561

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42252

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the closure_put_after_sub() function in lib/closure.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Use-after-free

EUVDB-ID: #VU94944

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41058

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_withdraw_volumes() function in fs/cachefiles/cache.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) Use of uninitialized resource

EUVDB-ID: #VU95030

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42063

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the PROG_NAME() and PROG_NAME_ARGS() functions in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Use-after-free

EUVDB-ID: #VU96105

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42271

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Resource management error

EUVDB-ID: #VU95071

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41027

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the userfaultfd_api() function in fs/userfaultfd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) NULL pointer dereference

EUVDB-ID: #VU94968

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42079

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gfs2_jindex_free() function in fs/gfs2/super.c, within the lops_before_commit() function in fs/gfs2/log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Use-after-free

EUVDB-ID: #VU94937

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42104

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_check_page() and nilfs_error() functions in fs/nilfs2/dir.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) NULL pointer dereference

EUVDB-ID: #VU94970

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41098

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ata_host_release() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Input validation error

EUVDB-ID: #VU95110

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41033

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the workingset_eviction(), workingset_test_recent() and workingset_refault() functions in mm/workingset.c, within the filemap_cachestat() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Input validation error

EUVDB-ID: #VU95106

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41072

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cfg80211_wext_siwscan() function in net/wireless/scan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Resource management error

EUVDB-ID: #VU95070

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41031

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the do_sync_mmap_readahead() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) NULL pointer dereference

EUVDB-ID: #VU94964

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42089

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fsl_asoc_card_probe() function in sound/soc/fsl/fsl-asoc-card.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Buffer overflow

EUVDB-ID: #VU95079

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41032

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the DEFINE_PER_CPU() function in mm/vmalloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Improper error handling

EUVDB-ID: #VU95014

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42127

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the lima_pp_init() and lima_pp_bcast_init() functions in drivers/gpu/drm/lima/lima_pp.c, within the lima_mmu_init() function in drivers/gpu/drm/lima/lima_mmu.c, within the lima_gp_init() function in drivers/gpu/drm/lima/lima_gp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Improper error handling

EUVDB-ID: #VU95019

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41093

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the amdgpu_vkms_prepare_fb() and amdgpu_vkms_cleanup_fb() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Buffer overflow

EUVDB-ID: #VU95055

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42082

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the __xdp_reg_mem_model() function in net/core/xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Memory leak

EUVDB-ID: #VU94924

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41023

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the enqueue_task_dl() function in kernel/sched/deadline.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Input validation error

EUVDB-ID: #VU95004

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41075

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cachefiles_ondemand_fd_llseek(), cachefiles_ondemand_fd_ioctl() and cachefiles_ondemand_copen() functions in fs/cachefiles/ondemand.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) NULL pointer dereference

EUVDB-ID: #VU94957

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42151

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bpf_dummy_unreg() and bpf_dummy_test_sleepable() functions in net/bpf/bpf_dummy_struct_ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Improper locking

EUVDB-ID: #VU94984

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42141

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iso_sock_recvmsg() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Use-after-free

EUVDB-ID: #VU94935

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42108

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rswitch_tx_free() function in drivers/net/ethernet/renesas/rswitch.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Incorrect calculation

EUVDB-ID: #VU95076

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42068

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c, within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) NULL pointer dereference

EUVDB-ID: #VU94972

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41085

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cxl_mem_probe() function in drivers/cxl/mem.c, within the cxl_pmem_region_alloc() function in drivers/cxl/core/region.c, within the match_nvdimm_bridge() and cxlmd_release_nvdimm() functions in drivers/cxl/core/pmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Improper error handling

EUVDB-ID: #VU95016

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42103

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the btrfs_reclaim_bgs_work() function in fs/btrfs/block-group.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Use-after-free

EUVDB-ID: #VU94945

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41057

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cachefiles_free_volume() function in fs/cachefiles/volume.c, within the cachefiles_withdraw_objects() and cachefiles_withdraw_cache() functions in fs/cachefiles/cache.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Input validation error

EUVDB-ID: #VU95084

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42064

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dml2_calculate_rq_and_dlg_params() and dml2_verify_det_buffer_configuration() functions in drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Use of uninitialized resource

EUVDB-ID: #VU95027

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42161

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the tools/lib/bpf/bpf_core_read.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Improper Initialization

EUVDB-ID: #VU95047

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41052

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the vfio_pci_ioctl_get_pci_hot_reset_info() function in drivers/vfio/pci/vfio_pci_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) NULL pointer dereference

EUVDB-ID: #VU94981

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41053

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ufshcd_abort_one() function in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Double free

EUVDB-ID: #VU95009

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42069

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the add_adev() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Improper error handling

EUVDB-ID: #VU95023

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41021

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the handle_fault_error_nolock() function in arch/s390/mm/fault.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Input validation error

EUVDB-ID: #VU95094

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42147

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the dfx_regs_uninit(), qm_diff_regs_init() and qm_last_regs_init() functions in drivers/crypto/hisilicon/debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Memory leak

EUVDB-ID: #VU94926

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41065

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the alloc_dispatch_log_kmem_cache() function in arch/powerpc/platforms/pseries/setup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Out-of-bounds read

EUVDB-ID: #VU94841

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41091

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Memory leak

EUVDB-ID: #VU94930

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41079

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nvmet_execute_admin_connect() and nvmet_execute_io_connect() functions in drivers/nvme/target/fabrics-cmd.c, within the pr_debug() and nvmet_execute_auth_receive() functions in drivers/nvme/target/fabrics-cmd-auth.c, within the nvmet_req_init() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Buffer overflow

EUVDB-ID: #VU95041

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42086

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bme680_compensate_temp(), bme680_compensate_press() and bme680_compensate_humid() functions in drivers/iio/chemical/bme680_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Improper locking

EUVDB-ID: #VU95506

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42234

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the folio_migrate_mapping() function in mm/migrate.c, within the mem_cgroup_migrate() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) NULL pointer dereference

EUVDB-ID: #VU94979

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41055

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) NULL pointer dereference

EUVDB-ID: #VU94974

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41083

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the netfs_page_mkwrite() function in fs/netfs/buffered_write.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) NULL pointer dereference

EUVDB-ID: #VU94963

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42101

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nouveau_connector_get_modes() function in drivers/gpu/drm/nouveau/nouveau_connector.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Resource management error

EUVDB-ID: #VU95062

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42230

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the define_machine() function in arch/powerpc/platforms/pseries/setup.c, within the pseries_kexec_cpu_down() function in arch/powerpc/platforms/pseries/kexec.c, within the default_machine_kexec() function in arch/powerpc/kexec/core_64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) NULL pointer dereference

EUVDB-ID: #VU94966

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_ld_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Out-of-bounds read

EUVDB-ID: #VU94839

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41019

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the check_rstbl() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Improper locking

EUVDB-ID: #VU95508

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42245

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the detach_tasks() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Resource management error

EUVDB-ID: #VU95059

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42129

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mlxreg_led_probe() function in drivers/leds/leds-mlxreg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) NULL pointer dereference

EUVDB-ID: #VU94958

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42144

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lvts_probe() function in drivers/thermal/mediatek/lvts_thermal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Memory leak

EUVDB-ID: #VU95502

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the usb_string_copy() function in drivers/usb/gadget/configfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Out-of-bounds read

EUVDB-ID: #VU94954

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41028

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/platform/x86/toshiba_acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Resource management error

EUVDB-ID: #VU95068

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42077

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ocfs2_extend_trans() function in fs/ocfs2/journal.c, within the ocfs2_dio_end_io_write() function in fs/ocfs2/aops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Improper error handling

EUVDB-ID: #VU95512

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42248

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ma35d1serial_probe() function in drivers/tty/serial/ma35d1_serial.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Double free

EUVDB-ID: #VU95010

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41046

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ltq_etop_free_channel() function in drivers/net/ethernet/lantiq_etop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Input validation error

EUVDB-ID: #VU95096

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42133

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the hci_le_big_sync_established_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) NULL pointer dereference

EUVDB-ID: #VU94969

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42074

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the snd_acp_resume() function in sound/soc/amd/acp/acp-pci.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) NULL pointer dereference

EUVDB-ID: #VU94971

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41089

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nv17_tv_get_hd_modes() function in drivers/gpu/drm/nouveau/dispnv04/tvnv17.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Infinite loop

EUVDB-ID: #VU95513

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42237

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the cs_dsp_load(), cs_dsp_load_coeff() and regmap_async_complete() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Input validation error

EUVDB-ID: #VU95107

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41056

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cs_dsp_coeff_parse_alg() and cs_dsp_coeff_parse_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) NULL pointer dereference

EUVDB-ID: #VU94982

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41048

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sk_msg_recvmsg() function in net/core/skmsg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) Use-after-free

EUVDB-ID: #VU94931

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42137

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qca_serdev_shutdown() function in drivers/bluetooth/hci_qca.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) Use-after-free

EUVDB-ID: #VU94943

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41069

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the soc_tplg_dapm_graph_elems_load() function in sound/soc/soc-topology.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Resource management error

EUVDB-ID: #VU95067

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41097

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package linux-oem-6.8 to the latest version.

Vulnerable software versions

Ubuntu: 24.04

linux-image-oem-24.04a (Ubuntu package): before 6.8.0-1016.16

linux-image-oem-24.04 (Ubuntu package): before 6.8.0-1016.16

linux-image-6.8.0-1016-oem (Ubuntu package): before 6.8.0-1016.16

CPE2.3 External links

http://ubuntu.com/security/notices/USN-7089-4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###